Common use of Buyer Data Clause in Contracts

Buyer Data. The Supplier must not remove any proprietary notices in the Buyer Data. The Supplier will not store or use Buyer Data except if necessary to fulfil its obligations. If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested. The Supplier must ensure that any Supplier system that holds any Buyer Data is a secure system that complies with the Supplier’s and Buyer’s security policy and all Buyer requirements in the Order Form. The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. The Supplier will ensure that any Supplier system which holds any protectively marked Buyer Data or other government data will comply with: the principles in the Security Policy Framework at xxxxx://xxx.xxx.xx/government/publications/security-policy-framework and the Government Security Classification policy at xxxxx://xxx.xxx.xx/government/publications/government-security-classifications guidance issued by the Centre for Protection of National Infrastructure on Risk Management at xxxxx://xxx.xxxx.xxx.xx/content/adopt-risk-management-approach and Accreditation of Information Systems at xxxxx://xxx.xxxx.xxx.xx/protection-sensitive-information-and-assets the National Cyber Security Centre’s (NCSC) information risk management guidance, available at xxxxx://xxx.xxxx.xxx.xx/guidance/risk-management-collection government best practice in the design and implementation of system components, including network principles, security design principles for digital services and the secure email blueprint, available at xxxxx://xxx.xxx.xx/government/publications/technology-code-of-practice/technology-code-of-practice the security requirements of cloud services using the NCSC Cloud Security Principles and accompanying guidance at xxxxx://xxx.xxxx.xxx.xx/guidance/implementing-cloud-security-principles The Buyer will specify any security requirements for this project in the Order Form. If the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost if corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier) comply with any remedial action reasonably proposed by the Buyer. The Supplier agrees to use the appropriate organisational, operational and technological processes to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. The provisions of this clause 13 will apply during the term of this Call-Off Contract and for as long as the Supplier holds the Buyer’s Data.