1Introduction. 3.1. 1The SERVICE PROVIDER shall develop, implement, operate, maintain and continuously improve and maintain an ISMS which will, without prejudice to paragraph 2.2 of this Schedule, be approved, by the CUSTOMER, tested in accordance with this Schedule, periodically updated and audited in accordance with ISO/IEC 27001. 3.1. 2The SERVICE PROVIDER shall develop and maintain a Security Management Plan in accordance with this Schedule to apply during the Term. 3.1. 3The SERVICE PROVIDER shall comply with its obligations set out in the Security Management Plan. 3.1. 4Both the ISMS and the Security Management Plan shall, unless otherwise specified by the CUSTOMER, aim to protect all aspects of the Ordered Software Application Solutions and all processes associated with the delivery of the Ordered Software Application Solutions, including the CUSTOMER Premises, the Sites, the SERVICE PROVIDER System and any ICT, information and data (including the CUSTOMER Confidential Information and the CUSTOMER Data) to the extent used by the CUSTOMER or the SERVICE PROVIDER in connection with this Contract.
Appears in 2 contracts
Sources: Software Application Solutions Framework Agreement, Software Application Solutions Framework Agreement