Common use of SECURITY ARCHITECTURES Clause in Contracts

SECURITY ARCHITECTURES. The Supplier shall apply the ‘principle of least privilege’ (the practice of limiting systems, processes and user access to the minimum possible level) to the design and configuration of IT systems which will process or store Customer Data. When designing and configuring the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier) the Supplier shall follow Good Industry Practice and seek guidance from recognised security professionals with the appropriate skills and/or a CESG Certified Professional certification (▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇.▇▇/awarenesstraining/IA-certification/Pages/index.aspx) for all bespoke or complex components of the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier).

SECURITY ARCHITECTURES. The Supplier shall apply the ‘principle of least privilege’ (the practice of limiting systems, processes and user access to the minimum possible level) to the design and configuration of IT systems which will process or store Customer Data. When designing and configuring the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier) the Supplier shall follow Good Industry Practice and seek guidance from recognised security professionals with the appropriate skills and/or a CESG Certified Professional certification (▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇.▇▇/awarenesstraining/IA-certification/Pages/index.aspxindex.aspx ) for all bespoke or complex components of the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier).