Harmful Code. 23.3.1 The Service Provider must undertake reasonable efforts to detect and prevent any: (a) unauthorised access to Confidential Information and Personal Information in its systems, and (b) any Harmful Code from being introduced by the Service Provider, its Personnel or Subcontractors into Finance or the Agency’s systems or sent from Finance or the Agency’s systems by the Service Provider, its Personnel or Subcontractors, in the course of the Services, including by: i. implementing practices and procedures that are consistent with industry best practice for an engagement similar to the Services; ii. use of appropriate and up-to-date virus detection software for preventing and detecting Harmful Code; and iii. without limiting paragraphs (a) or (b), pro-actively informing itself of developments in threats of Harmful Code, and taking reasonable precautions against such known threats. 23.3.2 If the Service Provider becomes aware that any Harmful Code is found to have been detected the Service Provider must: (a) notify Finance or the Agency promptly and in any event within 24 hours of discovery; (b) provide all information known by the Service Provider and reasonably requested by Finance or the Agency in relation to the Harmful Code, its manner of introduction and the effect the Harmful Code has had or is likely to have; and (c) retain evidence and logs regarding the incident to help in determining the cause, damage and likely source. 23.3.3 The Service Provider must perform its obligations under this clause 23.3 at no additional cost to Finance or the Agency.
Appears in 3 contracts
Sources: Panel Head Agreement, Panel Head Agreement, Panel Head Agreement