Written Information Security Policy Clause Samples
A Written Information Security Policy clause requires an organization to formally document its approach to protecting sensitive information. This policy typically outlines the procedures, controls, and responsibilities for safeguarding data, including access controls, incident response, and employee training. By mandating a written policy, the clause ensures that security measures are clearly communicated and consistently applied, reducing the risk of data breaches and demonstrating compliance with legal or regulatory requirements.
Written Information Security Policy. Contractor shall establish and maintain a formal, documented, mandated, company-wide information security program, including security policies, standards, and procedures (collectively “Information Security Policy”), and communicate the Information Security Policy to all of its respective employees and contractors in a relevant, accessible, and understandable form. Contractor shall regularly review and evaluate the Information Security Policy to ensure its operational effectiveness, compliance with all applicable laws and regulations, and to address new threats and risks. Upon execution of this Agreement and thereafter within three (3) business days of City’s request, Contractor shall make available for City’s review Contractor’s Information Security Policy and any related SOC audits, information security certifications, or other evidence that Contractor has in place appropriate policies and procedures regarding information protection and security.