SISA Process Clause Samples

The SISA Process clause outlines the procedures and requirements for handling Sensitive Information Security Assessments (SISA) within an agreement. It typically details the steps parties must follow to conduct, document, and respond to security assessments, including timelines, responsibilities, and reporting obligations. For example, it may specify how and when assessments are initiated, what information must be provided, and how findings are addressed. The core function of this clause is to ensure that both parties maintain robust information security practices and respond appropriately to identified risks, thereby protecting sensitive data and reducing the likelihood of security breaches.

SISA Process. Once an organisation has signed up to the GISPA, Specific Information Sharing Agreements (SISAs) can be created. SISAs should be completed by individuals with an operational knowledge of how the sharing will take place. All organisations included in the SISA should contribute to the creation of the document. The signatory should be a senior member of staff such as a Caldicott Guardian, Director or equivalent. The SISA should be completed and signed by both sharing organisations. A signed copy should be held by both organisations. A copy of the SISA template can be found at the end of the GISPA. Individual organisations are responsible for their own SISAs. Gloucestershire County Council’s Information Management Service is only responsible for publishing this document and the template SISA. Each organisation is responsible for the audit, monitoring and publishing of its own SISAs.