Common use of Breach of Security Clause in Contracts

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off Schedule, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 8, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.195.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.195.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleContract Schedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Contract Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.195.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.194.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off Schedule, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 8, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.177.1, the Supplier Service Provider shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO ANNEX 1: Security Policy 12/08/2013 ANNEX 2: SECURITY MANAGEMENT PLAN CALL OFF SCHEDULE 8] : BUSINESS CONTINUITY AND DISASTER RECOVERY DEFINITIONS In this Call Off Schedule 8, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.13.12, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.19.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.176.12, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleContract Schedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Contract Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.177.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.14.12, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.197.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.15.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods Products and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.195.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or and Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off Schedule, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 8, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.13.12, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleLease Agreement Schedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Lease Agreement Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.19.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO ANNEX 1: SECURITY POLICY 12/08/2013 ANNEX 2: SECURITY MANAGEMENT PLAN CALL OFF SCHEDULE 8] : BUSINESS CONTINUITY AND DISASTER RECOVERY DEFINITIONS In this Call Off Schedule 8, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.13.12, the Supplier shall: immediately take all reasonable steps(which steps (which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services and delivery of purchased Goods to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM 12/08/2013 ANNEX 1: SECURITY POLICY 12/08/2013 ANNEX 2: SECURITY MANAGEMENT PLAN CALL OFF SCHEDULE 8 – PARAGRAPHS 1 TO 8] NOT USED 12/08/2013 CALL OFF SCHEDULE 9: EXIT MANAGEMENT DEFINITIONS In this Call Off Schedule 89, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.125.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.181.12, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.195.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO ANNEX 1: SECURITY POLICY 12/08/2013 ANNEX 2: SECURITY MANAGEMENT PLAN CALL OFF SCHEDULE 8] : BUSINESS CONTINUITY AND DISASTER RECOVERY DEFINITIONS In this Call Off Schedule 8, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.189.12, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Call-Off Schedule, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 ANNEX 1: SECURITY POLICY [ ] 12/08/2013 ANNEX 2: SECURITY MANAGEMENT PLAN [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 8, the following definitions shall apply:CALL-OFF SCHEDULE 9: BUSINESS CONTINUITY AND DISASTER RECOVERY]

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.15.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleContract Schedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 8, the following definitions shall apply:.

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.188.1, the Supplier shall: immediately take all reasonable steps(which steps (which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off Schedule, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 8, the following definitions shall apply:

Breach of Security. Either party shall notify the other in accordance with the agreed security incident management process (as detailed in the Security Management Plan if one exists) upon becoming aware of any Breach of Security or any potential or attempted Breach of Security. Without prejudice to the security incident management process, upon becoming aware of any of the circumstances referred to in paragraph 98.1100.1, the Supplier shall: immediately take all reasonable steps(which shall include any action or changes reasonably required by the Customer) necessary to: minimise the extent of actual or potential harm caused by any Breach of Security; remedy such Breach of Security to the extent possible and protect the integrity of the Customer and the provision of the Goods Products and/or Services to the extent within its control against any such Breach of Security or attempted Breach of Security; prevent an equivalent breach in the future exploiting the same root cause failure; and as soon as reasonably practicable provide to the Customer, where the Customer so requests, full details (using the reporting mechanism defined by the Security Management Plan if one exists) of the Breach of Security or attempted Breach of Security, including a root cause analysis where required by the Customer. In the event that any action is taken in response to a Breach of Security or potential or attempted Breach of Security that demonstrates non-compliance of the Security Management Plan with the Security policy or the requirements of this Call Off ScheduleSchedule 7, then any required change to the Security Management Plan shall be at no cost to the Customer. 12/08/2013 [LONG FORM – PARAGRAPHS 1 TO 8] DEFINITIONS In this Call Off Schedule 87, the following definitions shall apply: