Common use of ISMS Clause in Contracts

ISMS. The Supplier shall develop and submit to the Customer for the Customer’s Approval, within twenty (20) working days after the Call Off Commencement Date or such other date as agreed between the Parties, an information security management system for the purposes of this Call Off Contract, which shall comply with the requirements of paragraphs 91.3 to 91.5 of this Call Off Schedule 8 (Security). The Supplier acknowledges that the Customer places great emphasis on the reliability of the performance of the Services, confidentiality, integrity and availability of information and consequently on the security provided by the ISMS and that the Supplier shall be responsible for the effective performance of the ISMS. The ISMS shall: unless otherwise specified by the Customer in writing, be developed to protect all aspects of the Services and all processes associated with the provision of the Services, including the Customer Premises, the Sites, any ICT, information and data (including the Customer’s Confidential Information and the Customer Data) to the extent used by the Customer or the Supplier in connection with this Call Off Contract; meet the relevant standards in ISO/IEC 27001 and ISO/IEC27002 in accordance with Paragraph 95; and at all times provide a level of security which: is in accordance with the Law and this Call Off Contract;