Common use of Security Testing Clause in Contracts

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 94.2 or 94.3 of this Call Off Schedule reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 94.4 of this Call Off Schedule reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 5 contracts

Sources: Order Form and Call Off Terms, Call Off Agreement, Order Form

Security Testing. The Supplier shall Service Provider shall: (a) conduct relevant Security Tests from time to time and (b) specifically conduct Security Tests required by the Cyber Security Requirements at such times as set out in the Cyber Security Requirements (and at least annually across the scope of the ISMSin both cases (a) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Planb), not less frequently than annually). Security Tests shall be designed and implemented by the Supplier Service Provider so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the CustomerPurchaser. Subject to compliance by the Supplier Service Provider with the foregoing requirements, if any Security Tests adversely affect the SupplierService Provider’s ability to deliver the Services so as to meet the Service Level Performance MeasuresLevels, the Supplier Service Provider shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier Service Provider shall provide the Customer Purchaser with the results of such Security Tests tests (in a form approved by the Customer Purchaser in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. 
The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. Where any Security Test carried out pursuant to paragraphs 94.2 or 94.3 of this Call Off Schedule reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier Service Provider shall promptly notify the Customer Purchaser of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier Service Provider proposes to make in order to correct such failure or weakness. Subject to the CustomerPurchaser's prior written Approvalapproval, the Supplier Service Provider shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer Purchaser or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 Schedule 2 (Security) to this Call Off ScheduleSpecification [and Service Levels] and/or elsewhere in the Contract)) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the CustomerPurchaser. If any repeat Security Test carried out pursuant to paragraph 94.4 of this Call Off Schedule 5.3 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall be deemed to constitute a material Default that is capable of this Call Off Contractremedy. 
It shall also be deemed to be a Delay for the purposes of clause 24.3 (Rectification Plan) and be dealt with accordingly in terms of clause 24.3 (Rectification Plan).

Appears in 4 contracts

Sources: Services Contract, Services Contract, Services Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test.
If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. Where any Security Test carried out pursuant to paragraphs 101.2 or 101.3 of this Call Off Contract Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Contract Schedule 7) or the requirements of this Call Off Contract Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 101.4 of this Call Off Contract Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 3 contracts

Sources: Contract Order Form and Contract Terms, Contract Order Form and Contract Terms for Goods and/or Services (Non Ict), Contract Order Form and Contract Terms

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 100.2 or 100.3 of this Call Off Schedule reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 100.4 of this Call Off Schedule reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 3 contracts

Sources: Call Off Contract, Call Off Contract, Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 101.2 or 101.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 101.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 3 contracts

Sources: Call Off Contract, Call Off Contract, Call Off Order Form and Call Off Terms for Goods and/or Services (Non Ict)

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 104.2 or 104.3 of this Call Off Schedule reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 104.4 of this Call Off Schedule reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 3 contracts

Sources: Call Off Contract, Call Off Agreement, Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 101.2 or 101.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 101.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 3 contracts

Sources: Call Off Contract, Call Off Terms for Services, Call Off Contract

Security Testing. The Supplier shall Service Provider shall: (a) conduct relevant Security Tests from time to time and (b) specifically conduct Security Tests required by the Cyber Security Requirements at such times as set out in the Cyber Security Requirements (and at least annually across the scope of the ISMSin both cases (a) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Planb), not less frequently than annually). Security Tests shall be designed and implemented by the Supplier Service Provider so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the CustomerPurchaser. Subject to compliance by the Supplier Service Provider with the foregoing requirements, if any Security Tests adversely affect the SupplierService Provider’s ability to deliver the Services so as to meet the Service Level Performance MeasuresLevels, if applicable, the Supplier Service Provider shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier Service Provider shall provide the Customer Purchaser with the results of such Security Tests tests (in a form approved by the Customer Purchaser in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. 
The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. Where any Security Test carried out pursuant to paragraphs 94.2 or 94.3 of this Call Off Schedule reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier Service Provider shall promptly notify the Customer Purchaser of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier Service Provider proposes to make in order to correct such failure or weakness. Subject to the CustomerPurchaser's prior written Approvalapproval, the Supplier Service Provider shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer Purchaser or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 Schedule 2 (SecuritySpecification) to this Call Off Scheduleand/or elsewhere in the Contract)) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the CustomerPurchaser. If any repeat Security Test carried out pursuant to paragraph 94.4 of this Call Off Schedule 5.3 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall be deemed to constitute a material Default that is capable of this Call Off Contractremedy. 
It shall also be deemed to be a Delay for the purposes of clause 24.3 (Rectification Plan) and be dealt with accordingly in terms of clause 24.3 (Rectification Plan).

Appears in 3 contracts

Sources: Services Contract, Services Contract, Services Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 15.2 or 15.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 15.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 3 contracts

Sources: Call Off Terms for Services, Call Off Terms for Services (Non Ict), Call Off Terms for Services

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 5.29 or 5.30 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 5.31 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 2 contracts

Sources: Call Off Contract, Call Off Contract

Security Testing. The Supplier shall Service Provider shall: (a) conduct relevant Security Tests from time to time and (b) specifically conduct Security Tests required by the Cyber Security Requirements at such times as set out in the Cyber Security Requirements (and at least annually across the scope of the ISMSin both cases (a) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Planb), not less frequently than annually). Security Tests shall be designed and implemented by the Supplier Service Provider so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the CustomerPurchaser. Subject to compliance by the Supplier Service Provider with the foregoing requirements, if any Security Tests adversely affect the SupplierService Provider’s ability to deliver the Services so as to meet the Service Level Performance MeasuresLevels, if applicable, the Supplier Service Provider shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier Service Provider shall provide the Customer Purchaser with the results of such Security Tests tests (in a form approved by the Customer Purchaser in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. 
The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. Where any Security Test carried out pursuant to paragraphs 94.2 or 94.3 of this Call Off Schedule reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier Service Provider shall promptly notify the Customer Purchaser of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier Service Provider proposes to make in order to correct such failure or weakness. Subject to the CustomerPurchaser's prior written Approvalapproval, the Supplier Service Provider shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer Purchaser or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 Schedule 2 (SecurityStatement of Requirements) to this Call Off Scheduleand/or elsewhere in the Contract) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the CustomerPurchaser. If any repeat Security Test carried out pursuant to paragraph 94.4 of this Call Off Schedule 5.3 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall be deemed to constitute a material Default that is capable of this Call Off Contractremedy. 
It shall also be deemed to be a Delay for the purposes of clause 24.3 (Rectification Plan) and be dealt with accordingly in terms of clause 24.3 (Rectification Plan).

Appears in 2 contracts

Sources: Services Contract, Services Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off ContractLease Agreement, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 94.2 15.2 or 94.3 15.3 of this Call Off Lease Agreement Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off ScheduleLease Agreement Schedule 7) or the requirements of this Call Off ScheduleLease Agreement Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 94.4 15.4 of this Call Off Lease Agreement Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off ContractLease Agreement.

Appears in 2 contracts

Sources: Lease Agreement, Call Off Order Form and Lease Agreement

Security Testing. 6.1 The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the CustomerDeliverables. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services Deliverables so as to meet the Service Level Performance MeasuresKPIs, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. . 6.2 The Supplier shall provide the Customer Buyer annually with the results of such Security Tests (in a form approved by the Customer Buyer in advance) as soon as practicable after completion of each Security Test. ). 6.3 Without prejudice to any other right of audit or access granted to the Customer Buyer pursuant to this Call Off Contract, the Customer Buyer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests, subject to Suppliers Vulnerability Testing Policy) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer Buyer may notify the Supplier of the results of such tests after completion of each such test. 
If any such CustomerBuyer’s test adversely affects the Supplier’s ability to deliver the Services Deliverables so as to meet the Target Performance LevelsKPIs, the Supplier shall be granted relief against any resultant under-performance for the period of the CustomerBuyer’s test. . 6.4 Where any Security Test carried out pursuant to paragraphs 94.2 Paragraphs 6.2 or 94.3 of this Call Off Schedule 6.3 reveals any actual or potential Breach of Security or weaknesses (including un-un- patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer Buyer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the The Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer Buyer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (SecurityBaseline Security Requirements) to this Call Off Schedule) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. Buyer. 6.5 If any repeat Security Test carried out pursuant to paragraph 94.4 of this Call Off Schedule Paragraph 6.4 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 6.29 or 6.30 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 6.31 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Products and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Products and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Products and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 106.2 or 106.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 106.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Contracting Authority. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Contracting Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Contracting Authority with the results of such Security Tests (in a form approved by the Contracting Authority in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Contracting Authority pursuant to this Call Off Contract, the Contracting Authority and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier’s compliance with the ISMS and the Security Management Plan. The Contracting Authority may notify the Supplier of the results of such tests after completion of each such test. If any such Contracting Authority’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Contracting Authority’s test.
Where any Security Test carried out pursuant to paragraphs 6.2 or 6.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Contracting Authority of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Contracting Authority's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Contracting Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Contracting Authority. If any repeat Security Test carried out pursuant to paragraph 6.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Framework Agreement

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 10.2 or 10.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 10.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 31.2 or 31.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 31.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test.
If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. Where any Security Test carried out pursuant to paragraphs 6.2 or 6.3 of this Contract Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Contract Schedule 7) or the requirements of this Contract Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 6.4 of this Contract Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Contract Order Form and Contract Terms for Goods and/or Services (Non Ict)

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Lease Agreement, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test.
Where any Security Test carried out pursuant to paragraphs 5.29 or 5.30 of this Lease Agreement Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Lease Agreement Schedule 7) or the requirements of this Lease Agreement Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 5.31 of this Lease Agreement Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Lease Agreement.

Appears in 1 contract

Sources: Lease Agreement

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Deliverables and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Buyer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Deliverables so as to meet the KPIs, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Buyer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Buyer with the results of such Security Tests (in a form approved by the Buyer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Buyer pursuant to this Call Off Contract, the Buyer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Buyer may notify the Supplier of the results of such tests after completion of each such test.
If any such Buyer’s test adversely affects the Supplier’s ability to deliver the Deliverables so as to meet the KPIs, the Supplier shall be granted relief against any resultant under-performance for the period of the Buyer’s test. Where any Security Test carried out pursuant to Paragraphs 6.2 or 6.3 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Buyer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Buyer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Buyer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Baseline Security Requirements) to this Call Off Schedule) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the Buyer. If any repeat Security Test carried out pursuant to Paragraph 6.4 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.
The Buyer shall be entitled to carry out such security audits as it may reasonably deem necessary in order to ensure that the ISMS maintains compliance with the principles and practices of ISO 27001 and/or the Security Policy where such compliance is required in accordance with paragraph 3.4.3 d. If, on the basis of evidence provided by such security audits, it is the Buyer's reasonable opinion that compliance with the principles and practices of ISO/IEC 27001 and/or, where relevant, the Security Policy are not being achieved by the Supplier, then the Buyer shall notify the Supplier of the same and give the Supplier a reasonable time (having regard to the extent and criticality of any non-compliance and any other relevant circumstances) to implement and remedy. If the Supplier does not become compliant within the required time then the Buyer shall have the right to obtain an independent audit against these standards in whole or in part. If, as a result of any such independent audit as described in Paragraph the Supplier is found to be non-compliant with the principles and practices of ISO/IEC 27001 and/or, where relevant, the Security Policy then the Supplier shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Buyer in obtaining such audit.

Appears in 1 contract

Sources: Call Off Contract

Security Testing. 6.1 The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Deliverables and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Buyer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Deliverables so as to meet the KPIs, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests.
6.2 The Buyer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Buyer with the results of such Security Tests (in a form approved by the Buyer in advance) as soon as practicable after completion of each Security Test.
6.3 Without prejudice to any other right of audit or access granted to the Buyer pursuant to this Call Off Contract, the Buyer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Buyer may notify the Supplier of the results of such tests after completion of each such test. If any such Buyer’s test adversely affects the Supplier’s ability to deliver the Deliverables so as to meet the KPIs, the Supplier shall be granted relief against any resultant under-performance for the period of the Buyer’s test.
6.4 Where any Security Test carried out pursuant to Paragraphs 6.2 or 6.3 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Buyer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Buyer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Buyer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Baseline Security Requirements) to this Call Off Schedule) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the Buyer.
6.5 If any repeat Security Test carried out pursuant to Paragraph 6.4 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Order Form

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Products and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Products and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Products and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 6.2 or 6.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 6.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract. The Customer shall be entitled to carry out such security audits as it may reasonably deem necessary in order to ensure that the ISMS maintains compliance with the principles and practices of ISO 27001 and/or the Security Policy.
If, on the basis of evidence provided by such security audits, it is the Customer's reasonable opinion that compliance with the principles and practices of ISO/IEC 27001 and/or the Security Policy are not being achieved by the Supplier, then the Customer shall notify the Supplier of the same and give the Supplier a reasonable time (having regard to the extent and criticality of any non-compliance and any other relevant circumstances) to implement and remedy. If the Supplier does not become compliant within the required time then the Customer shall have the right to obtain an independent audit against these standards in whole or in part. If, as a result of any such independent audit as described in paragraph 7.2 of this Call Off Schedule 7 the Supplier is found to be non-compliant with the principles and practices of ISO/IEC 27001 and/or the Security Policy then the Supplier shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Customer in obtaining such audit.

Appears in 1 contract

Sources: Call Off Order Form

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 83.29 or 83.30 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 83.31 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Managed Learning Services Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test.
If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. Where any Security Test carried out pursuant to paragraphs 6.2 or 6.3 of this Contract Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Contract Schedule 7) or the requirements of this Contract Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 6.4 of this Contract Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract. The Customer shall be entitled to carry out such security audits as it may reasonably deem necessary in order to ensure that the ISMS maintains compliance with the principles and practices of ISO 27001 and/or the Security Policy.
If, on the basis of evidence provided by such security audits, it is the Customer's reasonable opinion that compliance with the principles and practices of ISO/IEC 27001 and/or the Security Policy are not being achieved by the Supplier, then the Customer shall notify the Supplier of the same and give the Supplier a reasonable time (having regard to the extent and criticality of any non-compliance and any other relevant circumstances) to implement and remedy. If the Supplier does not become compliant within the required time then the Customer shall have the right to obtain an independent audit against these standards in whole or in part. If, as a result of any such independent audit as described in paragraph 7.2 of this Contract Schedule 7 the Supplier is found to be non-compliant with the principles and practices of ISO/IEC 27001 and/or the Security Policy then the Supplier shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Customer in obtaining such audit.

Appears in 1 contract

Sources: Contract Order Form and Contract Terms for Goods and/or Services (Non Ict)

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance MeasuresServices, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 83.2 or 83.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 83.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract. The Customer shall be entitled to carry out such security audits as it may reasonably deem necessary in order to ensure that the ISMS maintains compliance with the principles and practices of ISO 27001 and/or the Security Policy.
If, on the basis of evidence provided by such security audits, it is the Customer's reasonable opinion that compliance with the principles and practices of ISO/IEC 27001 and/or the Security Policy are not being achieved by the Supplier, then the Customer shall notify the Supplier of the same and give the Supplier a reasonable time (having regard to the extent and criticality of any non-compliance and any other relevant circumstances) to implement and remedy. If the Supplier does not become compliant within the required time then the Customer shall have the right to obtain an independent audit against these standards in whole or in part. If, as a result of any such independent audit as described in paragraph 84.2 of this Call Off Schedule 7 the Supplier is found to be non-compliant with the principles and practices of ISO/IEC 27001 and/or the Security Policy then the Supplier shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Customer in obtaining such audit.

Appears in 1 contract

Sources: Management Consultancy Framework Agreement

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 6.2 or 6.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security Policy) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 6.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 15.2 or 15.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 15.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 88.2 or 88.3 of this Call Off Schedule reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule) or the requirements of this Call Off Schedule, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 88.4 of this Call Off Schedule reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Call Off Agreement

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Contracting Authority. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Contracting Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Contracting Authority with the results of such Security Tests (in a form approved by the Contracting Authority in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Contracting Authority pursuant to this Call Off Contract, the Contracting Authority and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier’s compliance with the ISMS and the Security Management Plan. The Contracting Authority may notify the Supplier of the results of such tests after completion of each such test.
If any such Contracting Authority’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Contracting Authority’s test. Where any Security Test carried out pursuant to paragraphs 91.2 or 91.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Contracting Authority of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Contracting Authority's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Contracting Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Contracting Authority. If any repeat Security Test carried out pursuant to paragraph 91.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Framework Agreement

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 103.2 or 103.3 of this Call Off Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Schedule 7) or the requirements of this Call Off Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 103.4 of this Call Off Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Call Off Contract

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test.
If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. Where any Security Test carried out pursuant to paragraphs 15.2 or 15.3 of this Call Off Contract Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Contract Schedule 7) or the requirements of this Call Off Contract Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 15.4 of this Call Off Contract Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Contract Order Form and Contract Terms for Goods and/or Services (Non Ict)

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Goods and/or Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Goods and/or Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test.
If any such Customer’s test adversely affects the Supplier’s ability to deliver the Goods and/or Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. Where any Security Test carried out pursuant to paragraphs 78.29 or 78.30 of this Call Off Contract Schedule 7 reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to the ISMS and the Security Management Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the ISMS or Security Management Plan is to address a non-compliance with the Security Policy or security requirements (as set out in Annex 1 (Security) to this Call Off Contract Schedule 7) or the requirements of this Call Off Contract Schedule 7, the change to the ISMS or Security Management Plan shall be at no cost to the Customer. If any repeat Security Test carried out pursuant to paragraph 78.31 of this Call Off Contract Schedule 7 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall constitute a material Default of this Call Off Contract.

Appears in 1 contract

Sources: Contract Order Form