Common use of Information Security Management Clause in Contracts

Information Security Management. 3.1 The Supplier shall ensure that: (a) the roles and responsibilities for information security management are formally identified and documented; (b) there is a formal documented approach to risk management; (c) it carries out regular (and no less than once per annum) a risk assessment of the Services being supplied to GBG; and (d) it has a documented process for resolving security related complaints. 3.2 The Supplier shall appoint an individual (or appropriate group), to co-ordinate and manage the information security programme within their organisation and in accordance with their information security policy. 3.3 The Supplier agrees that any system or process used by the Supplier for (but not limited to) gathering, storing, processing or transmitting GBG Data shall be security assessed and it agrees that: (a) if any vulnerabilities that pose a risk to any GBG Data are discovered during any risk assessment, it shall rectify such vulnerabilities to GBG’s sole satisfaction in the time period agreed by the parties and at the Supplier’s cost; and (b) If it cannot rectify the vulnerability in the system or process as set out in paragraph 3.3(a) above, GBG shall have the right to terminate this Agreement with immediate effect by notice in writing to the Supplier. On receipt of GBG’s notice to terminate the Supplier shall refund GBG any fees or charges paid in advance for Services not yet received. 3.4 In relation to any vulnerabilities mentioned in clause 3.3 (a) above, the Supplier shall ensure it has measures in place to mitigate those vulnerabilities.

Information Security Management. 3.1 The Supplier shall ensure that: (a) the roles and responsibilities for information security management are formally identified and documented; (b) there is a formal documented approach to risk management; (c) it carries out regular (and no less than once per annum) a risk assessment of the Services being supplied to GBGLoqate; and (d) it has a documented process for resolving security related complaints. 3.2 The Supplier shall appoint an individual (or appropriate group), to co-ordinate and manage the information security programme program within their organisation organization and in accordance with their information security policy. 3.3 The Supplier agrees that any system or process used by the Supplier for (but not limited to) gathering, storing, processing or transmitting GBG Loqate Data shall be security assessed and it agrees that: (a) if any vulnerabilities that pose a risk to any GBG Loqate Data are discovered during any risk assessment, it shall rectify such vulnerabilities to GBGLoqate’s sole satisfaction in the time period agreed by the parties and at the Supplier’s cost; and (b) If it cannot rectify the vulnerability in the system or process as set out in paragraph 3.3(a) above, GBG Loqate shall have the right to terminate this Agreement with immediate effect by notice in writing to the Supplier. On receipt of GBGLoqate’s notice to terminate the Supplier shall refund GBG Loqate any fees or charges paid in advance for Services not yet received. 3.4 In relation to any vulnerabilities mentioned in clause 3.3 (a) above, the Supplier shall ensure it has measures in place to mitigate those vulnerabilities.

Information Security Management. 3.1 The Supplier shall ensure that:that:- (a) the roles and responsibilities for information security management are formally identified and documented; (b) there is a formal documented approach to risk management; (c) it carries out regular (and no less than once per annum) a risk assessment of the Services being supplied to GBGCLIENT; and (d) it has a documented process for resolving security related complaints. 3.2 The Supplier shall appoint an individual (or appropriate group), to co-ordinate and manage the information security programme within their organisation and in accordance with their information security policy. 3.3 The Supplier agrees that any system or process used by the Supplier for (but not limited to) gathering, storing, processing or transmitting GBG End User Data shall be security assessed and it agrees that: (a) if any vulnerabilities that pose a risk to any GBG End User Data are discovered during any risk assessment, it shall rectify such vulnerabilities to GBGCLIENT’s sole satisfaction in the time period agreed by the parties and at the Supplier’s cost; and (b) 3.4 If it cannot rectify the vulnerability in the system or process as set out in paragraph 3.3(a) above, GBG CLIENT shall have the right to terminate this Agreement with immediate effect by notice in writing to the Supplier. On receipt of GBGCLIENT’s notice to terminate the Supplier shall refund GBG CLIENT any fees or charges paid in advance for Services not yet received. 3.4 . In relation to any vulnerabilities mentioned in clause 3.3 (a) above, the Supplier shall ensure it has measures in place to mitigate those vulnerabilities.clause