Common use of Information Classification Clause in Contracts

Information Classification. The Contractor will ensure that all University Data is classified and labelled by those with custody, control or responsibility for it according to the appropriate security protection for such University Data, and that it is at all times handled appropriately and in accordance with its obligations under the Schedule, the Contract and the Data Protection Laws. The Contractor will ensure that all information storage media is recorded, managed, controlled, moved and disposed of in such a way that the University Data is not compromised. ACCESS CONTROL Business requirements of access control The Contractor’s requirements to control access to information assets and University Data should be clearly documented in an access control policy and appropriate procedures put in place. Furthermore, network access and connections will need to be restricted to ensure security of the University Data. The allocation of internal access rights to Personnel and in relation to other services not connected with the Service(s), other users shall be strictly controlled from initial user registration through to removal of access rights when no longer required, including special restrictions for privileged access rights and the management of passwords, or other authentication information, plus regular reviews and updates of access rights.