Common use of Security Standards Clause in Contracts

Security Standards. 9.2.1. It is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s: a) Information Security Policy b) Records Management Policy c) Data Protection Policy 9.2.2. Each partner will implement and maintain appropriate technical and organisational measures to: • Prevent: i. unauthorised or unlawful processing of the Personal Data; and ii. the accidental loss or destruction of, or damage to, the Shared Personal Data; and • ensure a level of security appropriate to: i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and ii. the nature of the Shared Personal Data to be protected. 9.2.3. Any further specific security measures sought by one party shall be notified to the other party from time to time, which shall implement them where reasonably practicable. The parties shall keep such security measures under review and shall carry out updates as they agree are appropriate throughout the Term. 9.2.4. It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable data protection laws and guidance, and have entered into confidentiality agreements relating to the processing of personal data. 9.2.5. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate data protection training to be competent to comply with the terms of this agreement.

Security Standards. 9.2.1. It is expected that partners 9.2.1 Parties of this agreement Call-off Contract will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s: a) Information Security Policy b) Records Management Policy c) Data Protection Policy 9.2.2. 9.2.2 Each partner party will implement and maintain appropriate technical and organisational measures to: • Prevent: i. unauthorised or unlawful processing of the Personal Data; and ii. the accidental loss or destruction of, or damage to, the Shared Personal Data; and • ensure a level of security appropriate to: i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and ii. the nature of the Shared Personal Data to be protected. 9.2.3. 9.2.3 Any further specific security measures sought by one party shall be notified to the other party from time to time, which shall implement them where reasonably practicable. The parties shall keep such security measures under review and shall carry out updates as they agree are appropriate throughout the Term. 9.2.4. 9.2.4 It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable data protection laws and guidance, and have entered into confidentiality agreements relating to the processing of personal data. 9.2.5. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate data protection training to be competent to comply with the terms of this agreement.

Security Standards. 9.2.110.2.1. It is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s: a) Information Security Policy b) Records Management Policy c) Data Protection Policy 9.2.210.2.2. Each partner will implement and maintain appropriate technical and organisational measures to: • Prevent: i. unauthorised or unlawful processing of the Personal Data; and ii. the accidental loss or destruction of, or damage to, the Shared Personal Data; and • ensure a level of security appropriate to: i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and ii. the nature of the Shared Personal Data to be protected. 9.2.310.2.3. Any further specific security measures sought by one party shall be notified to the other party from time to time, which shall implement them where reasonably practicable. The parties shall keep such security measures under review and shall carry out updates as they agree are appropriate throughout the Term. 9.2.410.2.4. It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable data protection laws and guidance, and have entered into confidentiality agreements relating to the processing of personal data. 9.2.510.2.5. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate data protection training to be competent to comply with the terms of this agreement.

Security Standards. 9.2.18.2.1. It is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s: a) Information Security Policy b) Records Management Policy c) Data Protection Policy 9.2.28.2.2. Each partner will implement and maintain appropriate technical and organisational measures to: •  Prevent: i. unauthorised or unlawful processing of the Personal Data; and ii. the accidental loss or destruction of, or damage to, the Shared Personal Data; and •  ensure a level of security appropriate to: i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and ii. the nature of the Shared Personal Data to be protected. 9.2.38.2.3. Any further specific security measures sought by one party shall be notified to the other party from time to time, which shall implement them where reasonably practicable. The parties shall keep such security measures under review and shall carry out updates as they agree are appropriate throughout the Term. 9.2.48.2.4. It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable data protection laws and guidance, and have entered into confidentiality agreements relating to the processing of personal data. 9.2.58.2.5. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate data protection training to be competent to comply with the terms of this agreement.

Security Standards. 9.2.16.2.1. It is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s: a) Information Security Policy b) Records Management Policy c) Data Protection Policy 9.2.26.2.2. Each partner will implement and maintain appropriate technical and organisational measures to: • Prevent: i. unauthorised or unlawful processing of the Personal Data; and ii. the accidental loss or destruction of, or damage to, the Shared Personal Data; and • ensure a level of security appropriate to: i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and ii. the nature of the Shared Personal Data to be protected. 9.2.36.2.3. Any further specific security measures sought by one party shall be notified to the other party from time to time, which shall implement them where reasonably practicable. The parties shall keep such security measures under review and shall carry out updates as they agree are appropriate throughout the Term. 9.2.46.2.4. It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable data protection laws and guidance, and have entered into confidentiality agreements relating to the processing of personal data. 9.2.56.2.5. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate data protection training to be competent to comply with the terms of this agreement.

Security Standards. 9.2.18.2.1. It is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s: a) Information Security Policy b) Records Management Policy c) Data Protection Policy 9.2.28.2.2. Each partner will implement and maintain appropriate technical and organisational measures to: • Prevent: i. unauthorised or unlawful processing of the Personal Data; and ii. the accidental loss or destruction of, or damage to, the Shared Personal Data; and • ensure a level of security appropriate to: i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and ii. the nature of the Shared Personal Data to be protected. 9.2.38.2.3. Any further specific security measures sought by one party shall be notified to the other party from time to time, which shall implement them where reasonably practicable. The parties shall keep such security measures under review and shall carry out updates as they agree are appropriate throughout the Term. 9.2.48.2.4. It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable data protection laws and guidance, and have entered into confidentiality agreements relating to the processing of personal data. 9.2.58.2.5. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate data protection training to be competent to comply with the terms of this agreement.

Security Standards. 9.2.17.2.1. It is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s: a) Information Security Policy b) Records Management Policy c) Data Protection Policy 9.2.27.2.2. Each partner will implement and maintain appropriate technical and organisational measures to: • Prevent: i. unauthorised or unlawful processing of the Personal Data; and ii. the accidental loss or destruction of, or damage to, the Shared Personal Data; and • ensure a level of security appropriate to: i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and ii. the nature of the Shared Personal Data to be protected. 9.2.37.2.3. Any further specific security measures sought by one party shall be notified to the other party from time to time, which shall implement them where reasonably practicable. The parties shall keep such security measures under review and shall carry out updates as they agree are appropriate throughout the Term. 9.2.47.2.4. It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable data protection laws and guidance, and have entered into confidentiality agreements relating to the processing of personal data. 9.2.57.2.5. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate data protection training to be competent to comply with the terms of this agreement.

Security Standards. 9.2.110.2.1. It is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s: a) Information Security Policy b) Records Management Policy c) Data Protection Policy 9.2.210.2.2. Each partner will implement and maintain appropriate technical and organisational measures to: • Prevent: i. unauthorised or unlawful processing of the Personal Data; and ii. the accidental loss or destruction of, or damage to, the Shared Personal Data; and • ensure a level of security appropriate to: i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and ii. the nature of the Shared Personal Data to be protected. 9.2.310.2.3. Any further specific security measures sought by one party shall be notified to the other party from time to time, which shall implement them where reasonably practicable. The parties shall keep such security measures under review and shall carry out updates as they agree are appropriate throughout the Term. 9.2.410.2.4. It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable data protection laws and guidance, and have entered into confidentiality agreements relating to the processing of personal data. 9.2.510.2.5. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate data protection training to be competent to comply with the terms of this agreement.