Common use of Subcontractor Management Clause in Contracts

Subcontractor Management. This Information Security Standard shall apply to all subcontractors utilized by the Third Party/Supplier that handle Information belonging to or entrusted to Lilly resides outside Lilly’s environment and/or when the Third Party/Supplier has remote access connection to Lilly’s environment. It is the responsibility of the Third Party/Supplier to ensure the Information Security Standard is communicated to and complied with by each subcontractor. For the avoidance of doubt, subcontractors include, but not limited to; reprographics third pa rties/suppliers, off-site storage third party/supplier, software developers, cloud hosting facilities and data center facilities. Formal contracts between Third Party/Supplier and subcontractors must be executed that outline the controls to be provided, including co ntrols to maintain the confidentiality, availability, and integrity of Information. Initial and on-going assessments must be conducted to ensure subcontractors are adhering to the Information Security Standard and security incidents and problems are managed appropriately. Third Party/Supplier must inform Lilly and obtain wri tten approval prior to the use of subcontractors who will either handle Information or have access to Third Party/Supplier or Lilly systems in which such Information resides, as well as the country lo cation(s) where any Information will be handled.

Subcontractor Management. This Information Security Standard shall apply to all subcontractors utilized by the Third Party/Supplier that handle Information belonging to or entrusted to Lilly resides outside oxxxxxe Lilly’s environment and/or when the Third Party/Supplier has remote access connection to Lilly’s environment. It is the responsibility of the Third Party/Supplier to ensure the Information Security Standard is communicated to and complied with by each subcontractor. For the avoidance of doubt, subcontractors include, but not limited to; reprographics third pa rties/suppliers, off-site storage third party/supplier, software developers, cloud hosting facilities and data center facilities. Formal contracts between Third Party/Supplier and subcontractors must be executed that outline the controls to be provided, including co ntrols to maintain the confidentiality, availability, and integrity of Information. Initial and on-going assessments must be conducted to ensure subcontractors are adhering to the Information Security Standard and security incidents and problems are managed appropriately. Third Party/Supplier must inform Lilly and obtain wri obtaix xxx tten approval prior to the use of subcontractors who will either handle Information or have access to Third Party/Supplier or Lilly systems in which such Information resides, as well as the country lo cation(s) where any Information will be handled.

Subcontractor Management. This Information Security Standard shall apply to all subcontractors utilized by the Third Party/Supplier that handle Information belonging to or entrusted to Lilly Xxxxx resides outside Lilly’s environment and/or when the Third Party/Supplier has remote access connection to Lilly’s environment. It is the responsibility of the Third Party/Supplier to ensure the Information Security Standard is communicated to and complied with by each subcontractor. For the avoidance of doubt, subcontractors include, but not limited to; reprographics third pa rtiesparties/suppliers, off-site storage third party/supplier, software developers, cloud hosting facilities and data center facilities. Formal contracts between Third Party/Supplier and subcontractors must be executed that outline the controls to be provided, including co ntrols controls to maintain the confidentiality, availability, and integrity of Information. Initial and on-going assessments must be conducted to ensure subcontractors are adhering to the Information Security Standard and security incidents and problems are managed appropriately. Third Party/Supplier must inform Lilly Xxxxx and obtain wri tten written approval prior to the use of subcontractors who will either handle Information or have access to Third Party/Supplier or Lilly systems in which such Information resides, as well as the country lo cation(slocation(s) where any Information will be handled.