Common use of Buyer Data Clause in Contracts

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-re- submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract). The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● • the government security policy framework and information assurance policy; ● • guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● • the relevant government information assurance standard(s). 15.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract). The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. Digital Outcomes and Specialists 4 Framework Agreement Call-Off Contract v2 ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇/government/publications/digital-outcomes-and-specialists-4-call-off-contract 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly Digital Outcomes and Specialists 4 Framework Agreement Call-Off Contract v2 ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇/government/publications/digital-outcomes-and-specialists-4-call-off-contract degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 14.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 14.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 14.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 14.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 14.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed described by the Buyer. 15.6 14.6 The Supplier will ensure that any system on which the Supplier holds any Buyer Data which is protectively marked Buyer Data will be accredited as specific to specified by the Buyer and will comply with: ● : 14.6.1 the government security policy framework and information assurance policy; ● 14.6.2 guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● 14.6.3 the relevant government information assurance standard(s). 15.7 14.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the this accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-submit resubmit such system for accreditation. 15.8 14.8 If at any time the Supplier suspects suspects, or has reason to believe, that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly sufficiently degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 14.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is obligation, not qualified by any other provision of the this Call-Off Contract. 15.10 14.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● • the government security policy framework and information assurance policy; ● • guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● • the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance Guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s).. Digital Outcomes and Specialists 2 Framework Agreement Call-Off Contract 39 | P a g e Senior Customer Liaison (JPO Comms Mgr) 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the Call-Call- Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● policy; • the government security policy framework and information assurance policy; ● • guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● • the relevant government information assurance standard(s). 15.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 13.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 13.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 13.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 13.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 13.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 13.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● • the government security policy framework and information assurance policy; ● • guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● • the relevant government information assurance standard(s). 15.7 13.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 13.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly Digital Outcomes and Specialists 3 Framework Agreement Call-Off Contract ▇▇▇.▇▇▇.▇▇/▇▇▇▇▇▇▇▇/▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇-▇▇▇-▇▇▇▇▇▇▇▇▇▇▇-▇-▇▇▇▇-▇▇▇- contract degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 13.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 13.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). Digital Outcomes and Specialists 4 Framework Agreement Call-Off Contract v2 ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇/government/publications/digital-outcomes-and-specialists-4-call-off-contract 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Digital Outcomes and Specialists 4 Framework Agreement Call-Off Contract v2 ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇/government/publications/digital-outcomes-and-specialists-4-call-off-contract Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off this Call­Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-submit re­submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the Call-Off this Call­Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data.. Digital Outcomes and Specialists 2 Framework Agreement Call-Off Contract 39 | P a g e 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance Guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the Call-Call- Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. Digital Outcomes and Specialists 2 Framework Agreement Call-off Contract 29 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Digital Outcomes and Specialists 2 Framework Agreement Call-off Contract 31 Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded Digital Outcomes and Specialists 3 Framework Agreement Call-Off Contract ▇▇▇.▇▇▇.▇▇/▇▇▇▇▇▇▇▇/▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇-▇▇▇-▇▇▇▇▇▇▇▇▇▇▇-▇-▇▇▇▇-▇▇▇-▇▇▇▇▇▇▇▇ in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract). The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● • the government security policy framework and information assurance policy; ● • guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● • the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may shall become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract). The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Digital Outcomes and Specialists 4 Framework Agreement Call-Off Contract v2 ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇/government/publications/digital-outcomes-and-specialists-4-call-off-contract Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-re- submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract). The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection LegislationAct. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection LegislationAct. This is an absolute obligation and is not qualified by any other provision of the this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15, shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 15.1. The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 15.2. The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 15.3. If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 15.4. The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 15.5. The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 15.6. The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 15.7. Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 15.8. If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 15.9. The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 15.10. The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will at its own cost comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Legislation. This is an absolute obligation and is not qualified by any other provision of the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure.