Common use of Security Policy Requirements Clause in Contracts

Security Policy Requirements. The Recipient shall comply with the requirements for the protection of the various classifications of information set out in the following documents: IPPR01-TAC09 - “Information Security Responsibilities for Contractors Handling ‘OFFICIAL’ Information outside NDA Premises” IPPR01-TAC10 - "Cyber Essentials in the NDA" IPPR01-TAC11 - "Contractors working in non-NDA locations" SCP03 - "Information Security Policy" SCP04 - "Clear Desk Policy" SCP07 - "Business Travel and Working With NDA Issued Equipment in Overseas Locations" SCP08 – “Mobile and Remote Working Policy” Further information on security markings is available from: xxxxx://xxx.xxx.xx/government/publications/government-security-classifications Legal Requirements The Recipient must comply with their legal obligations, including those defined in: The Data Protection Act 2018 (alongside EU GDPR) Computer Misuse Act 1990

Security Policy Requirements. The In the performance of the Services under the contract, the Recipient and any sub-contractor shall comply with the requirements for the protection of the various classifications of information set out in the following documents: IPPR01-TAC09 - “Information Security Responsibilities for Contractors Handling ‘OFFICIAL’ Information outside NDA Premises” IPPR01-TAC10 - "Cyber Essentials in the NDA" IPPR01-TAC11 - "Contractors working in non-NDA locations" SCP03 - "Information Security Policy" SCP04 - "Clear Desk Policy" SCP07 - "Business Travel and Working With NDA Issued Equipment in Overseas Locations" SCP08 – “Mobile and Remote Working Policy” Further information on security markings is available from: xxxxx://xxx.xxx.xx/government/publications/government-security-classifications Legal Requirements The Recipient and their sub-contractors must comply with their legal obligations, including those defined in: The Data Protection Act 2018 Xxx 0000 (alongside EU GDPR) Computer Misuse Act 1990Xxxxxx Xxx 0000

Security Policy Requirements. The Recipient shall comply with the requirements for the protection of the various classifications of information set out in the following documents: IPPR01-TAC09 - “Information Security Responsibilities for Contractors Handling ‘OFFICIAL’ Information outside NDA Premises” IPPR01-TAC10 - "Cyber Essentials in the NDA" IPPR01-TAC11 - "Contractors working in non-NDA locations" SCP03 - "Information Security Policy" SCP04 - "Clear Desk Policy" SCP07 - "Business Travel and Working With NDA Issued Equipment in Overseas Locations" SCP08 – “Mobile and Remote Working Policy” Further information on security markings is available from: xxxxx://xxx.xxx.xx/government/publications/government-security-classifications Legal Requirements The Recipient must comply with their legal obligations, including those defined in: The Data Protection Act 2018 Xxx 0000 (alongside EU UK GDPR) Computer Misuse Act 1990Xxxxxx Xxx 0000

Security Policy Requirements. The Recipient shall comply with the requirements for the protection of the various classifications of information set out in the following documents: IPPR01-TAC09 - “Information Security Responsibilities for Contractors Handling ‘OFFICIAL’ Information outside NDA Premises” IPPR01-TAC10 - "Cyber Essentials in the NDA" IPPR01-TAC11 - "Contractors working in non-NDA locations" SCP03 - "Information Security Policy" SCP04 - "Clear Desk Policy" SCP07 - "Business Travel and Working With NDA Issued Equipment in Overseas Locations" SCP08 – “Mobile and Remote Working Policy” Further information on security markings is available from: xxxxx://xxx.xxx.xx/government/publications/government-security-classifications Legal Requirements The Recipient must comply with their legal obligations, including those defined in: The Data Protection Act 2018 Xxx 0000 (alongside EU GDPR) Computer Misuse Act 1990Xxxxxx Xxx 0000