1Introduction. 3.1. 1The Supplier shall develop, implement, operate, maintain and continuously improve and maintain (and ensure that all Supplier Staff and Sub-Suppliers implement and comply with) an ISMS which will, without prejudice to paragraph 2.2, be approved, by the Authority, tested in accordance with schedule 4, periodically updated and audited in accordance with ISO/IEC 27001. 3.1. 2The Supplier shall develop and maintain a Security Management Plan in accordance with this schedule to apply during the Contract Period. 3.1. 3The Supplier shall comply with its obligations set out in the Security Management Plan and the other elements of this Framework Agreement relevant to security (including the security requirements). 3.1. 4Both the ISMS and the Security Management Plan shall, unless otherwise specified by the Authority, aim to protect all aspects of the Services and all processes associated with the delivery of the Services, including the Supplier System and any ICT, information and data (including the Authority Confidential Information and the Authority Data) to the extent used by the Authority or the Supplier in connection with this Framework Agreement. 3.1. 5A draft Security Plan provided by the Supplier as part of its bid is set out in Appendix B. 3.1. 6The Supplier is responsible for monitoring and ensuring that it is aware of changes to the Security Policy. The Supplier shall keep the Security Plan up-to-date with the Security Policy as amended from time to time.
Appears in 2 contracts