Common use of SECURITY REQUIREMENTS AND STAFF VETTING Clause in Contracts

SECURITY REQUIREMENTS AND STAFF VETTING. The CONTRACTOR shall comply, and shall procure the compliance of the CONTRACTOR Personnel, with the Security Policy and the Security Management Plan and the CONTRACTOR shall ensure that the Security Management Plan produced by the CONTRACTOR fully complies with the Security Policy. The CUSTOMER shall notify the CONTRACTOR of any changes or proposed changes to the Security Policy. If the CONTRACTOR believes that a change or proposed change to the Security Policy will have a material and unavoidable cost implication to the Ordered IT Products it may submit a Contract Change Note. In doing so, the CONTRACTOR must support its request by providing evidence of the cause of any increased costs and the steps that it has taken to mitigate those costs. Any change to the Charges shall then be agreed in accordance with the Contract Change Procedure. Until and/or unless a change to the Charges is agreed by the CUSTOMER pursuant to Clause 16.3 the CONTRACTOR shall continue to provide the Ordered IT Products in accordance with its existing obligations. The CONTRACTOR shall, as an enduring obligation throughout the Term, use the latest versions of anti-virus definitions and software available from an industry accepted anti-virus software vendor to check for, contain the spread of, and minimise the impact of Malicious Software in the ICT Environment (or as otherwise agreed by the parties). Notwithstanding Clause 16.5, if Malicious Software is found, the parties shall co-operate to reduce the effect of the Malicious Software and, particularly if Malicious Software causes loss of operational efficiency or loss or corruption of CUSTOMER Data, assist each other to mitigate any losses and to restore the Ordered IT Products to their desired operating efficiency. Any cost arising out of the actions of the parties taken in compliance with the provisions of Clause 16.6 shall be borne by the parties as follows: by the CONTRACTOR where the Malicious Software originates from the CONTRACTOR Software, the Third Party Software supplied by the CONTRACTOR (except where the CUSTOMER has waived the obligation set out in Clause 16.5) or the CUSTOMER Data (whilst the CUSTOMER Data was under the control of the CONTRACTOR) unless the CONTRACTOR can demonstrate that such Malicious Software was present and not quarantined or otherwise identified by the CUSTOMER when provided to the CONTRACTOR; and by the CUSTOMER if the Malicious Software originates from the CUSTOMER Software (in respect of which the CUSTOMER has waived its obligation set out in Clause 16.5) or the CUSTOMER Data (whilst the CUSTOMER Data was under the control of the CUSTOMER). The CONTRACTOR shall comply with the Staff Vetting Procedures in respect of all CONTRACTOR Personnel employed or engaged in the provision of the Ordered IT Products. The CONTRACTOR confirms that all CONTRACTOR Personnel employed or engaged by the CONTRACTOR at the Effective Date were vetted and recruited on a basis that is equivalent to and no less strict than the Staff Vetting Procedures. The CONTRACTOR shall provide training on a continuing basis for all CONTRACTOR Personnel employed or engaged in the provision of the Ordered IT Products in compliance with the Security Policy and Security Management Plan.

SECURITY REQUIREMENTS AND STAFF VETTING. The CONTRACTOR SERVICE PROVIDER shall comply, and shall procure the compliance of the CONTRACTOR SERVICE PROVIDER Personnel, with the Security Policy and the Security Management Plan and the CONTRACTOR SERVICE PROVIDER shall ensure that the Security Management Plan produced by the CONTRACTOR SERVICE PROVIDER fully complies with the Security Policy. The CUSTOMER shall notify the CONTRACTOR SERVICE PROVIDER of any changes or proposed changes to the Security Policy. If the CONTRACTOR SERVICE PROVIDER believes that a change or proposed change to the Security Policy will have a material and unavoidable cost implication to the Ordered IT Products Software Application Solutions it may submit a Contract Change Note. In doing so, the CONTRACTOR SERVICE PROVIDER must support its request by providing evidence of the cause of any increased costs and the steps that it has taken to mitigate those costs. Any change to the Charges shall then be agreed in accordance with the Contract Change Procedure. Until and/or unless a change to the Charges is agreed by the CUSTOMER pursuant to Clause 16.3 the CONTRACTOR SERVICE PROVIDER shall continue to provide the Ordered IT Products Software Application Solutions in accordance with its existing obligations. The CONTRACTOR SERVICE PROVIDER shall, as an enduring obligation throughout the Term, use the latest versions of anti-virus definitions and software available from an industry accepted anti-virus software vendor to check for, contain the spread of, and minimise the impact of Malicious Software in the ICT Environment (or as otherwise agreed by the parties). Notwithstanding Clause 16.5, if Malicious Software is found, the parties shall co-operate to reduce the effect of the Malicious Software and, particularly if Malicious Software causes loss of operational efficiency or loss or corruption of CUSTOMER Data, assist each other to mitigate any losses and to restore the Ordered IT Products Software Application Solutions to their desired operating efficiency. Any cost arising out of the actions of the parties taken in compliance with the provisions of Clause 16.6 shall be borne by the parties as follows: by the CONTRACTOR SERVICE PROVIDER where the Malicious Software originates from the CONTRACTOR SERVICE PROVIDER Software, the Third Party Software supplied by the CONTRACTOR SERVICE PROVIDER (except where the CUSTOMER has waived the obligation set out in Clause 16.5) or the CUSTOMER Data (whilst the CUSTOMER Data was under the control of the CONTRACTORSERVICE PROVIDER) unless the CONTRACTOR SERVICE PROVIDER can demonstrate that such Malicious Software was present and not quarantined or otherwise identified by the CUSTOMER when provided to the CONTRACTORSERVICE PROVIDER; and by the CUSTOMER if the Malicious Software originates from the CUSTOMER Software (in respect of which the CUSTOMER has waived its obligation set out in Clause 16.5) or the CUSTOMER Data (whilst the CUSTOMER Data was under the control of the CUSTOMER). The CONTRACTOR SERVICE PROVIDER shall comply with the Staff Vetting Procedures in respect of all CONTRACTOR SERVICE PROVIDER Personnel employed or engaged in the provision of the Ordered IT ProductsSoftware Application Solutions. The CONTRACTOR SERVICE PROVIDER confirms that all CONTRACTOR SERVICE PROVIDER Personnel employed or engaged by the CONTRACTOR SERVICE PROVIDER at the Effective Date were vetted and recruited on a basis that is equivalent to and no less strict than the Staff Vetting Procedures. The CONTRACTOR SERVICE PROVIDER shall provide training on a continuing basis for all CONTRACTOR SERVICE PROVIDER Personnel employed or engaged in the provision of the Ordered IT Products Software Application Solutions in compliance with the Security Policy and Security Management Plan.

SECURITY REQUIREMENTS AND STAFF VETTING. The CONTRACTOR SERVICE PROVIDER shall comply, and shall procure the compliance of the CONTRACTOR SERVICE PROVIDER Personnel, with the Security Policy and the Security Management Plan and the CONTRACTOR SERVICE PROVIDER shall ensure that the Security Management Plan produced by the CONTRACTOR SERVICE PROVIDER fully complies with the Security Policy. The SoS CUSTOMER shall notify the CONTRACTOR SERVICE PROVIDER of any changes or proposed changes to the Security Policy. If the CONTRACTOR SERVICE PROVIDER believes that a change or proposed change to the Security Policy will have a material and unavoidable cost implication to the Ordered IT Products Software Application Solutions it may submit a Contract Change Note. In doing so, the CONTRACTOR SERVICE PROVIDER must support its request by providing evidence of the cause of any increased costs and the steps that it has taken to mitigate those costs. Any change to the Charges shall then be agreed in accordance with the Contract Change Procedure. Until and/or unless a change to the Charges is agreed by the CUSTOMER SoSCUSTOMER pursuant to Clause 16.3 15.3 the CONTRACTOR SERVICE PROVIDER shall continue to provide the Ordered IT Products Software Application Solutions in accordance with its existing obligations. The CONTRACTOR SERVICE PROVIDER shall, as an enduring obligation throughout the Term, use the latest versions of anti-virus definitions and software available from an industry accepted anti-virus software vendor to check for, contain the spread of, and minimise the impact of Malicious Software in the ICT Environment (or as otherwise agreed by the parties). Notwithstanding Clause 16.515.5, if Malicious Software is found, the SERVICE PROVIDER and each LA CUSTOMER parties shall co-operate to reduce the effect of the Malicious Software and, particularly if Malicious Software causes loss of operational efficiency or loss or corruption of CUSTOMER Data, assist each other to mitigate any losses and to restore the Ordered IT Products Software Application Solutions to their desired operating efficiency. Any cost arising out of the actions of the parties taken in compliance with the provisions of Clause 16.6 15.6 shall be borne by the parties as follows: by the CONTRACTOR SERVICE PROVIDER where the Malicious Software originates from the CONTRACTOR SERVICE PROVIDER Software, the Third Party Software supplied by the CONTRACTOR SERVICE PROVIDER (except where the relevant LA CUSTOMER has waived the obligation set out in Clause 16.515.5) or the CUSTOMER Data (whilst the CUSTOMER Data was under the control of the CONTRACTORSERVICE PROVIDER) unless the CONTRACTOR SERVICE PROVIDER can demonstrate that such Malicious Software was present and not quarantined or otherwise identified by the relevant LA CUSTOMER when provided to the CONTRACTORSERVICE PROVIDER; and by the relevant LA CUSTOMER if the Malicious Software originates from the CUSTOMER Software (in respect of which the relevant LA CUSTOMER has waived its obligation set out in Clause 16.515.5) or the CUSTOMER Data (whilst the CUSTOMER Data was under the control of the relevant LA CUSTOMER). The CONTRACTOR SERVICE PROVIDER shall comply with the Staff Vetting Procedures in respect of all CONTRACTOR SERVICE PROVIDER Personnel employed or engaged in the provision of the Ordered IT ProductsSoftware Application Solutions. The CONTRACTOR SERVICE PROVIDER confirms that all CONTRACTOR SERVICE PROVIDER Personnel employed or engaged by the CONTRACTOR SERVICE PROVIDER at the Effective Date were vetted and recruited on a basis that is equivalent to and no less strict than the Staff Vetting Procedures. The CONTRACTOR SERVICE PROVIDER shall provide training on a continuing basis for all CONTRACTOR SERVICE PROVIDER Personnel employed or engaged in the provision of the Ordered IT Products Software Application Solutions in compliance with the Security Policy and Security Management Plan.

SECURITY REQUIREMENTS AND STAFF VETTING. The CONTRACTOR shall comply, and shall procure the compliance of the CONTRACTOR Personnel, with the Security Policy and the Security Management Plan and the CONTRACTOR shall ensure that the Security Management Plan produced by the CONTRACTOR fully complies with the Security Policy. The CUSTOMER shall notify the CONTRACTOR of any changes or proposed changes to the Security Policy. If the CONTRACTOR believes that a change or proposed change to the Security Policy will have a material and unavoidable cost implication to the Ordered IT Products it may submit a Contract Change Note. In doing so, the CONTRACTOR must support its request by providing evidence of the cause of any increased costs and the steps that it has taken to mitigate those costs. Any change to the Charges shall then be agreed in accordance with the Contract Change Procedure. Until and/or unless a change to the Charges is agreed by the CUSTOMER pursuant to Clause 16.3 3.31 the CONTRACTOR shall continue to provide the Ordered IT Products in accordance with its existing obligations. The CONTRACTOR shall, as an enduring obligation throughout the Term, use the latest versions of anti-virus definitions and software available from an industry accepted anti-virus software vendor to check for, contain the spread of, and minimise the impact of Malicious Software in the ICT Environment (or as otherwise agreed by the parties). Notwithstanding Clause 16.53.33, if Malicious Software is found, the parties shall co-operate to reduce the effect of the Malicious Software and, particularly if Malicious Software causes loss of operational efficiency or loss or corruption of CUSTOMER Data, assist each other to mitigate any losses and to restore the Ordered IT Products to their desired operating efficiency. Any cost arising out of the actions of the parties taken in compliance with the provisions of Clause 16.6 3.34 shall be borne by the parties as follows: by the CONTRACTOR where the Malicious Software originates from the CONTRACTOR Software, the Third Party Software supplied by the CONTRACTOR (except where the CUSTOMER has waived the obligation set out in Clause 16.53.33) or the CUSTOMER Data (whilst the CUSTOMER Data was under the control of the CONTRACTOR) unless the CONTRACTOR can demonstrate that such Malicious Software was present and not quarantined or otherwise identified by the CUSTOMER when provided to the CONTRACTOR; and by the CUSTOMER if the Malicious Software originates from the CUSTOMER Software (in respect of which the CUSTOMER has waived its obligation set out in Clause 16.53.33) or the CUSTOMER Data (whilst the CUSTOMER Data was under the control of the CUSTOMER). The CONTRACTOR shall comply with the Staff Vetting Procedures in respect of all CONTRACTOR Personnel employed or engaged in the provision of the Ordered IT Products. The CONTRACTOR confirms that all CONTRACTOR Personnel employed or engaged by the CONTRACTOR at the Effective Date were vetted and recruited on a basis that is equivalent to and no less strict than the Staff Vetting Procedures. The CONTRACTOR shall provide training on a continuing basis for all CONTRACTOR Personnel employed or engaged in the provision of the Ordered IT Products in compliance with the Security Policy and Security Management Plan.