Spark security requirements. Without limiting clause 20.1 Supplier must protect the Data against unauthorised access, use, modification, deletion or disclosure by: (a) implementing and maintaining an effective information security policy and management framework in accordance with Good Industry Practice, and including reasonable personnel, physical, system and data controls; (b) complying with all security standards relevant to the Deliverables (e.g. COBIT, ISO/IEC 27001, ISO/IEC 3100, PCI DSS, NZISM, SSAE 16); (c) providing appropriate specialist training for personnel involved in information security as relevant to the Deliverables (e.g. CISSP, CISM, PCI ISA, SANS GIAC); (d) creating and encouraging a proactive, security-centric culture that recognises the importance of people in protecting information and systems; (e) monitoring and following current globally-accepted security guidelines (e.g. OWASP Top Ten, SANS Critical Security Controls for Effective Cyber Defense, ASD Strategies to Mitigate Targeted Cyber Intrusions); (f) proactively and regularly testing services for security vulnerabilities, including remediating all findings that are critical, high severity or expose the service to unnecessary risk; and (h) complying with any other reasonable security requirements notified by Spark to Supplier from time to time.
Appears in 3 contracts
Samples: Purchase Agreement, Purchase Agreement, Purchase Agreement