Information Security and Resilience Sample Clauses
Information Security and Resilience. The Funder seeks assurance that the Recipient provides an acceptable standard of leadership and governance, risk management, incident response and security by design in relation to information security. The Recipient shall provide a summary of these information security capabilities and key members of staff responsible for managing information security with respect to the Grant Agreement.
If the Recipient proposes to host or process data in a Cloud-based system or service, then the Recipient shall evidence how they have or will address all the NCSC cloud security principles outlined in:
All data should be hosted and processed in the UK. Where the Recipient is unable to satisfy this requirement, then this must be identified in the Request for Research Proposal to enable the Funder to make a risk-based decision on the acceptability of a proposed solution where the Funder's information classified at OFFICIAL may be hosted and stored in the EEA. No Funder's information may be hosted or Processed outside the UK or EEA.
The Recipient must ensure its employees and sub-contractors comply with SCP07 when wishing to travel abroad whilst carrying the Funder’s information and/or the Funder’s ICT equipment.
The Recipient shall provide evidence that all IT systems to be used in the management and delivery of this CTS are routinely tested and patched for vulnerabilities. The Funder retains the right to request and receive copies of the most recent security reports for these systems, including penetration tests performed by a credible external security consultant e.g. ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇▇▇/uk/ or ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en/
The Recipient shall demonstrate that all its personnel are trained to recognise all forms of online fraud.
The Recipient shall inform the Funder whether it holds the following or other equivalent certifications and accreditations:
- ISO27001
- ISO31000
Under the Grant Agreement, the Recipient shall not share any of the Funder's confidential information with PhD Students unless that information is already in the Public Domain or unless that information is approved for release into the Public Domain by the Funder’s Information Asset Owner, where necessary in consultation with the Funder’s Chief Information Security Officer (CISO).
