Information Security Management System (“ISMS”) definition

Information Security Management System (“ISMS”) means the set of policies, processes and systems designed, implemented and maintained by the Contractor to manage Information Security Risk as certified by ISO/IEC 27001.
Information Security Management System (“ISMS”). SailPoint shall maintain an ISMS risk-based security program to systematically manage and protect the organisation's business information and the information of its customers and partners.
Information Security Management System (“ISMS”) means a set of policies and processes established by management to assess the security requirements, develop and implement controls, evaluate effectiveness of controls and implement improvements continual improvement process. Integrity: means accuracy and completeness of information.

More Definitions of Information Security Management System (“ISMS”)

Information Security Management System (“ISMS”) means the set of policies, processes and systems designed, implemented and maintained by the Supplier to manage applicable Information Security Risk as certified by ISO/IEC 27001. “Information Security Questionnaire” shall mean the Buyer’s set of questions used to audit and on an ongoing basis assure the Supplier’s compliance with the Buyer’s Security Requirements, provided however, in the event there are no material changes to the Supplier’s environment, the Buyer may rely on a previously completed questionnaire or the Supplier shall provide a Cloud Security Alliance questionnaire or a Standard Information Gathering Questionnaire (SIG). “Information Security Risk” shall mean any risk that might adversely affect Information Security including, but not limited to, a Breach of Security. “ISAE 3402” shall mean the International Standard on Assurance Engagements No. 3402 (ISAE) as most recently published by the International Auditing and Assurance Standards Board or its successor entity (“IAASB”) or the relevant successor or replacement standard which is formally recommended by the IAASB. “ISO/IEC 27001, ISO/IEC 27002 and ISO 22301” shall mean: (a) ISO/IEC 27001; (b) ISO/IEC 27002/IEC; and (c) ISO 22301, in each case as most recently published by the International Organization for Standardization or its successor entity (the “ISO”) or the relevant successor or replacement information security standard which is formally recommended by the ISO. “NCSC” shall mean the National Cyber Security Centre or its successor entity (where applicable). “Penetration Test” shall mean a simulated attack on any Buyer Assets, the Buyer’s Systems Environment (or any part thereof) or the Supplier’s Systems Environment (or any part thereof). “Risk Profile” shall mean a description of any set of risks. The set of risks can contain those that relate to a whole organisation, part of an organisation or as otherwise applicable.
“Security Policies” shall mean the Buyer’s Security Policies published by the Buyer from time to time and shall include any successor, replacement or additional Security Policies. The Security Policies are set out in Annex A to this Schedule 8. “Security Policies and Standards” shall mean the Security Policies and the Security Standards. “Security Standards” shall mean the Buyer’s Security Standards published by the Buyer from time to time and shall include any successor, replacement or additional Security Standards. The Security Standards are set out in Annex B to t...
Information Security Management System (“ISMS”) means a management system that defines the methodology, rules, procedures, measures, and control measures for protection of information in the organisation pursuant to the ISO standard series ISO/IEC:27001. Infrastructure as a Service means the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).