{"component": "definition", "props": {"groups": [{"snippet": "means: a) the technical and organisational measures and practices that are required by, or recommended in, nationally or internationally accepted management standards and codes of practice relating to Information Security (such as published by the International Organization for Standardization or the National Institute of Standards and Technology); b) security standards and guidelines relating to Information Security (including generally accepted principles regarding the segregation of the duties of governance, implementation and control) provided to the general public or Information Security practitioners and stakeholders by generally recognised authorities and organisations; and c) the Government\u2019s security policies, frameworks, standards and guidelines relating to Information Security.", "samples": [{"hash": "6TjTadGqm9m", "uri": "/contracts/6TjTadGqm9m#good-security-practice", "label": "G Cloud 14 Call Off Contract", "score": 36.4757080078, "published": true}, {"hash": "fTpKM33XXWY", "uri": "/contracts/fTpKM33XXWY#good-security-practice", "label": "Call Off Contract", "score": 34.9127845764, "published": true}, {"hash": "gMcCCMYbQ5f", "uri": "/contracts/gMcCCMYbQ5f#good-security-practice", "label": "Call Off Contract", "score": 34.2582435608, "published": true}], "snippet_links": [{"key": "technical-and-organisational-measures", "type": "clause", "offset": [14, 51]}, {"key": "required-by", "type": "definition", "offset": [75, 86]}, {"key": "codes-of-practice", "type": "definition", "offset": [171, 188]}, {"key": "information-security", "type": "definition", "offset": [201, 221]}, {"key": "international-organization-for-standardization", "type": "definition", "offset": [248, 294]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [302, 348]}, {"key": "standards-and-guidelines", "type": "definition", "offset": [363, 387]}, {"key": "generally-accepted", "type": "clause", "offset": [432, 450]}, {"key": "duties-of", "type": "clause", "offset": [495, 504]}, {"key": "general-public", "type": "definition", "offset": [561, 575]}, {"key": "the-government", "type": "clause", "offset": [693, 707]}, {"key": "security-policies", "type": "definition", "offset": [710, 727]}], "size": 25, "hash": "1fb565a77317c88086676032f2aca716", "id": 1}, {"snippet": "means:", "samples": [{"hash": "3R3OtcYG9Vz", "uri": "/contracts/3R3OtcYG9Vz#good-security-practice", "label": "Call Off Contract", "score": 36.4798316956, "published": true}, {"hash": "67E1HM23dyX", "uri": "/contracts/67E1HM23dyX#good-security-practice", "label": "Call Off Contract", "score": 33.543598175, "published": true}, {"hash": "13XfI7LC1lu", "uri": "/contracts/13XfI7LC1lu#good-security-practice", "label": "G Cloud 12 Call Off Contract", "score": 33.4944496155, "published": true}], "snippet_links": [], "size": 6, "hash": "0958f1425f29c6b4385536c9eb33667c", "id": 2}, {"snippet": "means: a) the technical and organisational measures and practices that are required by, or recommended in, nationally or internationally accepted management standards and codes of practice relating to Information Security (such as published by the International Organization for Standardization or the National Institute of Standards and Technology); b) security standards and guidelines relating to Information Security (including generally accepted principles regarding the segregation of the duties of governance, implementation and control) provided to the general public or Information Security practitioners and stakeholders by generally recognised authorities and organisations; and c) the Government\u2019s security policies, frameworks, standards and guidelines relating to Information Security. \u201cInformation Security\u201d shall mean: a) the protection and preservation of: i) the confidentiality, integrity and availability of any Authority Assets, the Authority\u2019s Systems Environment (or any part thereof) and the Contractor\u2019s Systems Environment (or any part thereof); ii) related properties of information including, but not limited to, authenticity, accountability, and non- repudiation; and b) compliance with all Law applicable to the processing, transmission, storage and disposal of Authority Assets. \u201cInformation Security Manager\u201d shall mean the person appointed by the Contractor with the appropriate experience, authority and expertise to ensure that the Contractor complies with the Authority\u2019s Security Requirements.", "samples": [{"hash": "2J6VuNUo4fh", "uri": "/contracts/2J6VuNUo4fh#good-security-practice", "label": "Call Off Contract", "score": 33.5762405396, "published": true}, {"hash": "9MNX8lmLcNr", "uri": "/contracts/9MNX8lmLcNr#good-security-practice", "label": "Call Off Contract", "score": 33.5199584961, "published": true}, {"hash": "6WsmjErYjGs", "uri": "/contracts/6WsmjErYjGs#good-security-practice", "label": "Call Off Contract", "score": 33.4756889343, "published": true}], "snippet_links": [{"key": "technical-and-organisational-measures", "type": "clause", "offset": [14, 51]}, {"key": "required-by", "type": "definition", "offset": [75, 86]}, {"key": "codes-of-practice", "type": "definition", "offset": [171, 188]}, {"key": "to-information", "type": "clause", "offset": [198, 212]}, {"key": "international-organization-for-standardization", "type": "definition", "offset": [248, 294]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [302, 348]}, {"key": "standards-and-guidelines", "type": "definition", "offset": [363, 387]}, {"key": "generally-accepted", "type": "clause", "offset": [432, 450]}, {"key": "duties-of", "type": "clause", "offset": [495, 504]}, {"key": "general-public", "type": "definition", "offset": [561, 575]}, {"key": "the-government", "type": "clause", "offset": [693, 707]}, {"key": "security-policies", "type": "definition", "offset": [710, 727]}, {"key": "preservation-of", "type": "clause", "offset": [857, 872]}, {"key": "availability-of", "type": "clause", "offset": [912, 927]}, {"key": "authority-assets", "type": "clause", "offset": [932, 948]}, {"key": "the-authority", "type": "clause", "offset": [950, 963]}, {"key": "and-the-contractor", "type": "clause", "offset": [1008, 1026]}, {"key": "related-properties", "type": "definition", "offset": [1076, 1094]}, {"key": "of-information", "type": "definition", "offset": [1095, 1109]}, {"key": "not-limited", "type": "clause", "offset": [1125, 1136]}, {"key": "compliance-with", "type": "definition", "offset": [1200, 1215]}, {"key": "applicable-to", "type": "definition", "offset": [1224, 1237]}, {"key": "the-processing", "type": "clause", "offset": [1238, 1252]}, {"key": "disposal-of", "type": "clause", "offset": [1280, 1291]}, {"key": "information-security-manager", "type": "definition", "offset": [1311, 1339]}, {"key": "by-the-contractor", "type": "clause", "offset": [1373, 1390]}, {"key": "appropriate-experience", "type": "definition", "offset": [1400, 1422]}, {"key": "authority-and", "type": "clause", "offset": [1424, 1437]}, {"key": "to-ensure-that-the-contractor", "type": "clause", "offset": [1448, 1477]}, {"key": "security-requirements", "type": "definition", "offset": [1508, 1529]}], "size": 4, "hash": "624a7e697e1c2fac410415148c051410", "id": 3}, {"snippet": "means: a. The technical and organisational measures and practices that are required by, or recommended in, nationally or internationally accepted management standards and codes of practice relating to Information Security (such as published by the International Organization for Standardization or the National Institute of Standards and Technology); b. Security standards and guidelines relating to Information Security (including generally accepted principles regarding the segregation of the duties of governance, implementation and control) provided to the general public or Information Security practitioners and stakeholders by generally recognised authorities and organisations; and c. The Government\u2019s security policies, frameworks, standards and guidelines relating to Information Security. \u201cInformation Security Questionnaire\u201d shall mean the Buyer\u2019s set of questions used to audit and on an ongoing basis assure the Supplier\u2019s compliance with the Buyer\u2019s Security Requirements. \u201cSecurity Test\u201d shall include, but not be limited to, Penetration Test, Vulnerability Scan, Availability Test and any other security related test and audit. 1. Principles of Security The Supplier shall at all times comply with the Buyer\u2019s Security Requirements and provide a level of security which is in accordance with the Security Policies and Standards, Good Security Practice and Law.", "samples": [{"hash": "hE2DePJrVDk", "uri": "/contracts/hE2DePJrVDk#good-security-practice", "label": "Call Off Contract", "score": 36.0006790161, "published": true}, {"hash": "1riE2Dh7Bpt", "uri": "/contracts/1riE2Dh7Bpt#good-security-practice", "label": "Call Off Contract", "score": 33.8725166321, "published": true}, {"hash": "F2MpqQWcZf", "uri": "/contracts/F2MpqQWcZf#good-security-practice", "label": "G Cloud 12 Call Off Contract", "score": 33.6269683838, "published": true}], "snippet_links": [{"key": "technical-and-organisational-measures", "type": "clause", "offset": [14, 51]}, {"key": "required-by", "type": "definition", "offset": [75, 86]}, {"key": "codes-of-practice", "type": "definition", "offset": [171, 188]}, {"key": "to-information", "type": "clause", "offset": [198, 212]}, {"key": "international-organization-for-standardization", "type": "definition", "offset": [248, 294]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [302, 348]}, {"key": "standards-and-guidelines", "type": "definition", "offset": [363, 387]}, {"key": "generally-accepted", "type": "clause", "offset": [432, 450]}, {"key": "duties-of", "type": "clause", "offset": [495, 504]}, {"key": "general-public", "type": "definition", "offset": [561, 575]}, {"key": "the-government", "type": "clause", "offset": [693, 707]}, {"key": "information-security-questionnaire", "type": "definition", "offset": [801, 835]}, {"key": "the-buyer", "type": "clause", "offset": [848, 857]}, {"key": "compliance-with-the", "type": "clause", "offset": [937, 956]}, {"key": "security-requirements", "type": "definition", "offset": [965, 986]}, {"key": "security-test", "type": "definition", "offset": [989, 1002]}, {"key": "penetration-test", "type": "definition", "offset": [1042, 1058]}, {"key": "vulnerability-scan", "type": "definition", "offset": [1060, 1078]}, {"key": "availability-test", "type": "definition", "offset": [1080, 1097]}, {"key": "other-security", "type": "clause", "offset": [1106, 1120]}, {"key": "principles-of-security", "type": "clause", "offset": [1148, 1170]}, {"key": "the-supplier-shall", "type": "clause", "offset": [1171, 1189]}, {"key": "at-all-times", "type": "definition", "offset": [1190, 1202]}, {"key": "comply-with-the", "type": "clause", "offset": [1203, 1218]}, {"key": "provide-a", "type": "definition", "offset": [1253, 1262]}, {"key": "in-accordance-with", "type": "clause", "offset": [1290, 1308]}, {"key": "security-policies-and-standards", "type": "clause", "offset": [1313, 1344]}], "size": 4, "hash": "9e47f506e973f1e85fa637b659b6d272", "id": 4}, {"snippet": "means: a) the technical and organisational measures and practices that are required by, or recommended in, nationally or internationally accepted management standards and codes of practice relating to Information Security (such as published by the International Organization for Standardization or the National Institute of Standards and Technology); b) security standards and guidelines relating to Information Security (including generally accepted principles regarding the segregation of the duties of governance, implementation and control) provided to the general public or Information Security practitioners and stakeholders by generally recognised authorities and organisations; and the Government\u2019s security policies, frameworks, standards and guidelines relating to Information Security. \u201cInformation Security\u201d shall mean: a) the protection and preservation of: i) the confidentiality, integrity and availability of any Authority Assets, the Authority\u2019s Systems Environment (or any part thereof) and the Supplier\u2019s Systems Environment (or any part thereof); ii) related properties of information including, but not limited to, authenticity, accountability, and non-repudiation; and b) compliance with all Law applicable to the processing, transmission, storage and disposal of Authority Assets.", "samples": [{"hash": "foydxXv2e3s", "uri": "/contracts/foydxXv2e3s#good-security-practice", "label": "Call Off Contract", "score": 33.9112663269, "published": true}], "snippet_links": [{"key": "technical-and-organisational-measures", "type": "clause", "offset": [14, 51]}, {"key": "required-by", "type": "definition", "offset": [75, 86]}, {"key": "codes-of-practice", "type": "definition", "offset": [171, 188]}, {"key": "information-security", "type": "definition", "offset": [201, 221]}, {"key": "international-organization-for-standardization", "type": "definition", "offset": [248, 294]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [302, 348]}, {"key": "standards-and-guidelines", "type": "definition", "offset": [363, 387]}, {"key": "generally-accepted", "type": "clause", "offset": [432, 450]}, {"key": "duties-of", "type": "clause", "offset": [495, 504]}, {"key": "general-public", "type": "definition", "offset": [561, 575]}, {"key": "and-the-government", "type": "definition", "offset": [686, 704]}, {"key": "security-policies", "type": "definition", "offset": [707, 724]}, {"key": "preservation-of", "type": "clause", "offset": [854, 869]}, {"key": "availability-of", "type": "clause", "offset": [909, 924]}, {"key": "authority-assets", "type": "clause", "offset": [929, 945]}, {"key": "the-authority", "type": "clause", "offset": [947, 960]}, {"key": "the-supplier", "type": "clause", "offset": [1009, 1021]}, {"key": "related-properties", "type": "definition", "offset": [1071, 1089]}, {"key": "of-information", "type": "definition", "offset": [1090, 1104]}, {"key": "not-limited", "type": "clause", "offset": [1120, 1131]}, {"key": "compliance-with", "type": "definition", "offset": [1194, 1209]}, {"key": "applicable-to", "type": "definition", "offset": [1218, 1231]}, {"key": "the-processing", "type": "clause", "offset": [1232, 1246]}, {"key": "disposal-of", "type": "clause", "offset": [1274, 1285]}], "size": 1, "hash": "0722a7f6bffbc1f0f57aa80b1f2dfc86", "id": 5}, {"snippet": "means: a) the technical and organisational measures and practices that are required by, or recom- mended in, nationally or internationally ac- cepted management standards and codes of practice relating to Information Security (such as published by the International Organiza- tion for Standardization or the National Insti- tute of Standards and Technology); b) security standards and guidelines relating to Information Security (including generally ac- cepted principles regarding the segregation of the duties of governance, implementation and control) provided to the general public or Information Security practitioners and stake- holders by generally recognised authorities and organisations; and c) the Government\u2019s security policies, frame- works, standards and guidelines relating to Information Security. \u201cInformation Security\u201d shall mean: a) the protection and preservation of: i) the confidentiality, integrity and availa- bility of any Authority Assets, the Au- thority\u2019s Systems Environment (or any part thereof) and the Contractor\u2019s Sys- tems Environment (or any part thereof); ii) related properties of information includ- ing, but not limited to, authenticity, ac- countability, and non-repudiation; and b) compliance with all Law applicable to the pro- cessing, transmission, storage and disposal of Authority Assets. \u201cInformation Security Manager\u201d shall mean the person appointed by the Contractor with the appropriate experience, authority and expertise to ensure that the Contractor complies with the Authority\u2019s Security Requirements.", "samples": [{"hash": "bEcFGMBaKBT", "uri": "/contracts/bEcFGMBaKBT#good-security-practice", "label": "Call Off Contract", "score": 33.6762313843, "published": true}], "snippet_links": [{"key": "technical-and-organisational-measures", "type": "clause", "offset": [14, 51]}, {"key": "required-by", "type": "definition", "offset": [75, 86]}, {"key": "codes-of-practice", "type": "definition", "offset": [175, 192]}, {"key": "to-information", "type": "clause", "offset": [202, 216]}, {"key": "the-national", "type": "clause", "offset": [304, 316]}, {"key": "standards-and-technology", "type": "clause", "offset": [332, 356]}, {"key": "standards-and-guidelines", "type": "definition", "offset": [371, 395]}, {"key": "duties-of", "type": "clause", "offset": [505, 514]}, {"key": "general-public", "type": "definition", "offset": [571, 585]}, {"key": "the-government", "type": "clause", "offset": [705, 719]}, {"key": "security-policies", "type": "definition", "offset": [722, 739]}, {"key": "preservation-of", "type": "clause", "offset": [871, 886]}, {"key": "authority-assets", "type": "clause", "offset": [948, 964]}, {"key": "and-the-contractor", "type": "clause", "offset": [1026, 1044]}, {"key": "related-properties", "type": "definition", "offset": [1096, 1114]}, {"key": "of-information", "type": "definition", "offset": [1115, 1129]}, {"key": "not-limited", "type": "clause", "offset": [1147, 1158]}, {"key": "compliance-with", "type": "definition", "offset": [1223, 1238]}, {"key": "applicable-to", "type": "definition", "offset": [1247, 1260]}, {"key": "disposal-of", "type": "clause", "offset": [1305, 1316]}, {"key": "information-security-manager", "type": "definition", "offset": [1336, 1364]}, {"key": "by-the-contractor", "type": "clause", "offset": [1398, 1415]}, {"key": "appropriate-experience", "type": "definition", "offset": [1425, 1447]}, {"key": "authority-and", "type": "clause", "offset": [1449, 1462]}, {"key": "to-ensure-that-the-contractor", "type": "clause", "offset": [1473, 1502]}, {"key": "the-authority", "type": "clause", "offset": [1517, 1530]}, {"key": "security-requirements", "type": "definition", "offset": [1533, 1554]}], "size": 1, "hash": "e0d7e5b77668920ecd57a03999f5a8d7", "id": 6}, {"snippet": "means: a. The technical and organisational measures and practices that are required by, or recommended in, nationally or internationally accepted management stand- ards and codes of practice relating to Information Security (such as published by the International Organization for Standardization or the National Institute of Standards and Technology); b. Security standards and guidelines relating to Information Security (including generally accepted principles regarding the segregation of the duties of govern- ance, implementation and control) provided to the general public or Infor- mation Security practitioners and stakeholders by generally recognised author- ities and organisations; and c. The Government\u2019s security policies, frameworks, standards and guidelines re- lating to Information Security. \u201cInformation Security Questionnaire\u201d shall mean the Buyer\u2019s set of questions used to audit and on an ongoing basis assure the Supplier\u2019s compliance with the Buyer\u2019s Security Requirements. \u201cSecurity Test\u201d shall include, but not be limited to, Penetration Test, Vulnerability Scan, Availability Test and any other security related test and audit. 1. Principles of Security The Supplier shall at all times comply with the Buyer\u2019s Security Requirements and provide a level of security which is in accordance with the Security Policies and Standards, Good Security Practice and Law.", "samples": [{"hash": "kdfRcw4hM69", "uri": "/contracts/kdfRcw4hM69#good-security-practice", "label": "G Cloud 12 Call Off Contract", "score": 32.8487167358, "published": true}], "snippet_links": [{"key": "technical-and-organisational-measures", "type": "clause", "offset": [14, 51]}, {"key": "required-by", "type": "definition", "offset": [75, 86]}, {"key": "codes-of-practice", "type": "definition", "offset": [173, 190]}, {"key": "to-information", "type": "clause", "offset": [200, 214]}, {"key": "international-organization-for-standardization", "type": "definition", "offset": [250, 296]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [304, 350]}, {"key": "standards-and-guidelines", "type": "definition", "offset": [365, 389]}, {"key": "generally-accepted", "type": "clause", "offset": [434, 452]}, {"key": "duties-of", "type": "clause", "offset": [497, 506]}, {"key": "general-public", "type": "definition", "offset": [565, 579]}, {"key": "the-government", "type": "clause", "offset": [701, 715]}, {"key": "information-security-questionnaire", "type": "definition", "offset": [811, 845]}, {"key": "the-buyer", "type": "clause", "offset": [858, 867]}, {"key": "compliance-with-the", "type": "clause", "offset": [947, 966]}, {"key": "security-requirements", "type": "definition", "offset": [975, 996]}, {"key": "security-test", "type": "definition", "offset": [999, 1012]}, {"key": "penetration-test", "type": "definition", "offset": [1052, 1068]}, {"key": "vulnerability-scan", "type": "definition", "offset": [1070, 1088]}, {"key": "availability-test", "type": "definition", "offset": [1090, 1107]}, {"key": "other-security", "type": "clause", "offset": [1116, 1130]}, {"key": "principles-of-security", "type": "clause", "offset": [1158, 1180]}, {"key": "the-supplier-shall", "type": "clause", "offset": [1181, 1199]}, {"key": "at-all-times", "type": "definition", "offset": [1200, 1212]}, {"key": "comply-with-the", "type": "clause", "offset": [1213, 1228]}, {"key": "provide-a", "type": "definition", "offset": [1263, 1272]}, {"key": "in-accordance-with", "type": "clause", "offset": [1300, 1318]}, {"key": "security-policies-and-standards", "type": "clause", "offset": [1323, 1354]}], "size": 1, "hash": "ed459676dea998468cbf6d0c0cf86a02", "id": 7}, {"snippet": "means: 1. Comply with Baseline Personnel Security Standard / Government Staff Vetting Procedures in respect of all persons who are employed or engaged by the Supplier in provision of this Call-Off Contract prior to each individual beginning work with the Buyer. This is not a security check as such but a package of pre- employment checks covering identity, employment history, nationality/immigration status and criminal", "samples": [{"hash": "fTpKM33XXWY", "uri": "/contracts/fTpKM33XXWY#good-security-practice", "label": "Call Off Contract", "score": 34.9127845764, "published": true}], "snippet_links": [{"key": "comply-with", "type": "clause", "offset": [10, 21]}, {"key": "baseline-personnel-security-standard", "type": "definition", "offset": [22, 58]}, {"key": "staff-vetting-procedures", "type": "definition", "offset": [72, 96]}, {"key": "in-respect-of", "type": "definition", "offset": [97, 110]}, {"key": "the-supplier", "type": "clause", "offset": [154, 166]}, {"key": "provision-of", "type": "clause", "offset": [170, 182]}, {"key": "prior-to", "type": "clause", "offset": [206, 214]}, {"key": "beginning-work", "type": "clause", "offset": [231, 245]}, {"key": "the-buyer", "type": "clause", "offset": [251, 260]}, {"key": "security-check", "type": "clause", "offset": [276, 290]}, {"key": "employment-checks", "type": "definition", "offset": [321, 338]}, {"key": "employment-history", "type": "definition", "offset": [358, 376]}, {"key": "immigration-status", "type": "definition", "offset": [390, 408]}], "size": 1, "hash": "7fabcf19c8402366b6fba464f444949d", "id": 8}, {"snippet": "a) shall mean: the technical and organisational measures and practices that are required by, or rec- ommended in, nationally or internationally accepted management standards and codes of practice relating to Information Security (such as published by the Interna- tional Organization for Standardization or the National Institute of Standards and Tech- nology); b) security standards and guidelines relating to Information Security (including generally accepted principles regarding the segrega- tion of the duties of governance, imple- mentation and control) provided to the general public or Information Security practitioners and stakeholders by gener- ally recognised authorities and organisa- tions; and c) the Government\u2019s security policies, frame- works, standards and guidelines relating to Information Security.", "samples": [{"hash": "45CG8Dwgefo", "uri": "/contracts/45CG8Dwgefo#good-security-practice", "label": "G Cloud 14 Call Off Contract", "score": 36.1881484985, "published": true}], "snippet_links": [{"key": "technical-and-organisational-measures", "type": "clause", "offset": [19, 56]}, {"key": "required-by", "type": "definition", "offset": [80, 91]}, {"key": "codes-of-practice", "type": "definition", "offset": [178, 195]}, {"key": "information-security", "type": "definition", "offset": [208, 228]}, {"key": "national-institute", "type": "definition", "offset": [311, 329]}, {"key": "of-standards", "type": "clause", "offset": [330, 342]}, {"key": "standards-and-guidelines", "type": "definition", "offset": [374, 398]}, {"key": "generally-accepted", "type": "clause", "offset": [443, 461]}, {"key": "duties-of", "type": "clause", "offset": [508, 517]}, {"key": "general-public", "type": "definition", "offset": [576, 590]}, {"key": "the-government", "type": "clause", "offset": [712, 726]}, {"key": "security-policies", "type": "definition", "offset": [729, 746]}], "size": 1, "hash": "dd0698c2c499eb2056fe14485db97627", "id": 9}, {"snippet": "means: a) the technical and organisational measures and practices that are required by, or recommended in, nationally or internationally accepted management standards and codes of practice relating to Information Security (such as published by the International Organization for Standardization or the National Institute of Standards and Technology); b) security standards and guidelines relating to Information Security (including generally accepted principles regarding the segregation of the duties of governance, implementation and control) provided to the general public or Information Security practitioners and stakeholders by generally recognised authorities and organisations; and c) the Government\u2019s security policies, frameworks, standards and guidelines relating to Information Security. \u201cInformation Security\u201d shall mean: a) the protection and preservation of: i) the confidentiality, integrity and availability of any Buyer assets, the Buyer\u2019s systems environment (or any part thereof) and the Supplier\u2019s systems environment (or any part thereof); ii) related properties of information including, but not limited to, authenticity, accountability, and non-repudiation; and b) compliance with all Law applicable to the processing, transmission, storage and disposal of Buyer assets. \u201cInformation Security Manager\u201d shall mean the person appointed by the Supplier with the appropriate experience, authority and expertise to ensure that the Supplier complies with the Buyer\u2019s Security Requirements. \u201cInformation Security Management System (\u201cISMS\u201d)\u201d shall mean the set of policies, processes and systems designed, implemented and maintained by the Supplier to manage Information Security Risk as specified by ISO/IEC 27001. \u201cInformation Security Questionnaire\u201d shall mean the Buyer\u2019s set of questions used to audit and on an ongoing basis assure the Supplier\u2019s compliance with the Buyer\u2019s Security Requirements. \u201cInformation Security Risk\u201d shall mean any risk that might adversely affect Information Security including, but not limited to, a Breach of Security. \u201cISO/IEC 27001, ISO/IEC 27002 and ISO 22301 shall mean a) ISO/IEC 27001; b) ISO/IEC 27002/IEC; and c) ISO 22301 in each case as most recently published by the International Organization for Standardization or its successor entity (the \u201cISO\u201d) or the relevant successor or replacement information security standard which is formally recommended by the ISO. \u201cNCSC\u201d shall mean the National Cyber Security Centre or its successor entity (where applicable). \u201cPenetration Test\u201d shall mean a simulated attack on any Buyer assets, the Buyer\u2019s systems environment (or any part thereof) or the Supplier\u2019s systems environment (or any part thereof). \u201cPCI DSS\u201d shall mean the Payment Card Industry Data Security Standard as most recently published by the PCI Security Standards Council, LLC or its successor entity (the \u201cPCI\u201d). \u201cRisk Profile\u201d shall mean a description of any set of risk. The set of risks can contain those that relate to a whole organisation, part of an organisation or as otherwise applicable. \u201cSecurity Test\u201d shall include, but not be limited to, Penetration Test, Vulnerability Scan, Availability Test and any other security related test and audit. \u201cTigerscheme\u201d shall mean a scheme for authorised penetration tests which scheme is managed by USW Commercial Services Ltd. \u201cVulnerability Scan\u201d shall mean an ongoing activity to identify any potential vulnerability in any Buyer assets, the Buyer\u2019s systems environment (or any part thereof) or the Supplier\u2019s systems environment (or any part thereof).", "samples": [{"hash": "hsIMBaAg4JD", "uri": "/contracts/hsIMBaAg4JD#good-security-practice", "label": "G Cloud 13 Call Off Contract", "score": 33.9581718445, "published": true}], "snippet_links": [{"key": "technical-and-organisational-measures", "type": "clause", "offset": [14, 51]}, {"key": "required-by", "type": "definition", "offset": [75, 86]}, {"key": "codes-of-practice", "type": "definition", "offset": [171, 188]}, {"key": "to-information", "type": "clause", "offset": [198, 212]}, {"key": "international-organization-for-standardization", "type": "definition", "offset": [248, 294]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [302, 348]}, {"key": "standards-and-guidelines", "type": "definition", "offset": [363, 387]}, {"key": "generally-accepted", "type": "clause", "offset": [432, 450]}, {"key": "duties-of", "type": "clause", "offset": [495, 504]}, {"key": "general-public", "type": "definition", "offset": [561, 575]}, {"key": "the-government", "type": "clause", "offset": [693, 707]}, {"key": "security-policies", "type": "definition", "offset": [710, 727]}, {"key": "preservation-of", "type": "clause", "offset": [857, 872]}, {"key": "availability-of", "type": "clause", "offset": [912, 927]}, {"key": "buyer-assets", "type": "definition", "offset": [932, 944]}, {"key": "the-buyer", "type": "clause", "offset": [946, 955]}, {"key": "the-supplier", "type": "clause", "offset": [1004, 1016]}, {"key": "related-properties", "type": "definition", "offset": [1066, 1084]}, {"key": "of-information", "type": "definition", "offset": [1085, 1099]}, {"key": "not-limited", "type": "clause", "offset": [1115, 1126]}, {"key": "applicable-to", "type": "definition", "offset": [1213, 1226]}, {"key": "the-processing", "type": "clause", "offset": [1227, 1241]}, {"key": "of-buyer", "type": "clause", "offset": [1278, 1286]}, {"key": "information-security-manager", "type": "definition", "offset": [1296, 1324]}, {"key": "appropriate-experience", "type": "definition", "offset": [1383, 1405]}, {"key": "authority-and", "type": "clause", "offset": [1407, 1420]}, {"key": "to-ensure", "type": "clause", "offset": [1431, 1440]}, {"key": "security-requirements", "type": "definition", "offset": [1485, 1506]}, {"key": "information-security-management-system", "type": "definition", "offset": [1509, 1547]}, {"key": "information-security-risk", "type": "definition", "offset": [1675, 1700]}, {"key": "as-specified", "type": "clause", "offset": [1701, 1713]}, {"key": "information-security-questionnaire", "type": "definition", "offset": [1733, 1767]}, {"key": "compliance-with-the", "type": "clause", "offset": [1869, 1888]}, {"key": "adversely-affect", "type": "definition", "offset": [1979, 1995]}, {"key": "breach-of-security", "type": "definition", "offset": [2050, 2068]}, {"key": "iso-22301", "type": "definition", "offset": [2104, 2113]}, {"key": "each-case", "type": "definition", "offset": [2185, 2194]}, {"key": "successor-entity", "type": "clause", "offset": [2283, 2299]}, {"key": "the-relevant", "type": "clause", "offset": [2315, 2327]}, {"key": "information-security-standard", "type": "definition", "offset": [2353, 2382]}, {"key": "national-cyber-security-centre", "type": "definition", "offset": [2447, 2477]}, {"key": "where-applicable", "type": "clause", "offset": [2503, 2519]}, {"key": "pci-dss", "type": "definition", "offset": [2708, 2715]}, {"key": "payment-card-industry-data-security-standard", "type": "definition", "offset": [2732, 2776]}, {"key": "standards-council", "type": "definition", "offset": [2824, 2841]}, {"key": "risk-profile", "type": "clause", "offset": [2885, 2897]}, {"key": "description-of", "type": "definition", "offset": [2912, 2926]}, {"key": "of-risks", "type": "definition", "offset": [2952, 2960]}, {"key": "relate-to", "type": "definition", "offset": [2984, 2993]}, {"key": "security-test", "type": "definition", "offset": [3069, 3082]}, {"key": "vulnerability-scan", "type": "definition", "offset": [3140, 3158]}, {"key": "availability-test", "type": "definition", "offset": [3160, 3177]}, {"key": "other-security", "type": "clause", "offset": [3186, 3200]}, {"key": "penetration-tests", "type": "definition", "offset": [3274, 3291]}, {"key": "commercial-services", "type": "definition", "offset": [3323, 3342]}], "size": 1, "hash": "40dad5b5ae62ebe1effd9f9f21863698", "id": 10}], "next_curs": "CmMSXWoVc35sYXdpbnNpZGVyY29udHJhY3Rzcj8LEhpEZWZpbml0aW9uU25pcHBldEdyb3VwX3Y1NiIfZ29vZC1zZWN1cml0eS1wcmFjdGljZSMwMDAwMDAwYQyiAQJlbhgAIAA=", "definition": {"title": "Good Security Practice", "snippet": "means: a) the technical and organisational measures and practices that are required by, or recommended in, nationally or internationally accepted management standards and codes of practice relating to Information Security (such as published by the International Organization for Standardization or the National Institute of Standards and Technology); b) security standards and guidelines relating to Information Security (including generally accepted principles regarding the segregation of the duties of governance, implementation and control) provided to the general public or Information Security practitioners and stakeholders by generally recognised authorities and organisations; and c) the Government\u2019s security policies, frameworks, standards and guidelines relating to Information Security.", "size": 45, "id": "good-security-practice", "examples": ["The Contractor shall at all times comply with the Authority\u2019s Security Requirements and provide a level of security which is in accordance with the Security Policies and Standards, <strong>Good Security Practice</strong> and Law."], "related": [["group-practice", "Group practice", "Group practice"], ["security-procedures", "Security Procedures", "Security Procedures"], ["agreed-security-principles", "Agreed Security Principles", "Agreed Security Principles"], ["information-security-program", "Information Security Program", "Information Security Program"], ["prudent-utility-practice", "Prudent Utility Practice", "Prudent Utility Practice"]], "related_snippets": [], "updated": "2025-07-24T04:27:56+00:00"}, "json": true, "cursor": ""}}