Common use of Information Security Management Program Clause in Contracts

Information Security Management Program. 2.1. Supplier shall have an Information Security Management Program ("ISMP") that addresses the overall security program of Supplier. The ISMP shall be formally documented, and such records shall be protected, controlled, and retained according to federal, state, and internal requirements. 2.2. Supplier management support for the ISMP shall be demonstrated through signed acceptance or approval by Supplier’s management. 2.3. Buyer shall have the right to assess with reasonable notice the effectiveness of the ISMP by reviewing Supplier's information security policy, information security objectives, audit results, analysis of monitored events, corrective and preventive actions, and management support at least annually.

Information Security Management Program. 2.1. Supplier shall have an Information Security Management Program ("ISMP") that addresses the overall security program Security Program of Supplier. The ISMP shall be formally documented, and such records shall be protected, controlled, and retained according to federal, state, and internal requirements. 2.2. Supplier management support for the ISMP shall be demonstrated through signed acceptance or approval by Supplier’s management. 2.3. Buyer shall have the right to assess with reasonable notice the effectiveness of the ISMP by reviewing Supplier's information security policy, information security objectives, audit results, analysis of monitored events, corrective and preventive actions, actions and management support at least annually.