Information Security Management System Sample Clauses
The Information Security Management System clause establishes requirements for implementing and maintaining a structured framework to protect sensitive information within an organization. Typically, this involves setting up policies, procedures, and controls to manage risks related to data breaches, unauthorized access, or information loss, and may include regular audits and staff training. Its core function is to ensure the confidentiality, integrity, and availability of information assets, thereby reducing the risk of security incidents and demonstrating compliance with relevant standards or regulations.
Information Security Management System. Box will maintain throughout the Term of the Agreement a comprehensive information security management system (the “ISMS”) which includes administrative, technical and physical safeguards designed to: (a) protect and secure Content from unauthorized access, use or disclosure; and (b) protect against anticipated threats or hazards to the security or integrity of Customer’s Content. The ISMS will be documented and kept current by Box based on changes to industry standard information security practices and legal and regulatory requirements applicable to Box.
Information Security Management System. Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing
Information Security Management System. 1. A general security policy has been developed, along with specific security policies regarding organization security, information security, IT system security and security of people and property, all of them defining the basic objectives of the actions related to implementation of the policies.
2. General and specific security standards have been defined that implement the assumptions of the security policies in terms of information security, IT system security, and security of people and property.
3. Specific procedures and operating instructions have been developed for the implementation of the security standards in terms of information security, IT system security, and security of people and property.
4. The policies, standards, procedures, and instructions are subject to periodic reviews and revisions, to be approved by the Company’s top management.
5. A system to monitor changes in personal data processing legislation has been developed and put in place, and the continuity of its operations has been ensured.
Information Security Management System. 2.1. ▇▇▇▇ & ▇▇▇▇▇▇’▇ Information Security Policies set a clear direction for Information Security and demonstrate support for, and commitment to, the management of Information Security throughout the company.
2.2. Information Security is managed through a stringent set of controls, including policies, processes, procedures, software, and hardware functions that constitute ▇▇▇▇ & Mackay’s Information Security Management System (ISMS). These controls are monitored, reviewed, and where necessary, improved to ensure that specific security and business objectives are met.
2.3. All Staff receive a comprehensive and mandatory induction and training programme on joining the company and an annual compliance refresher including Information Security and data protection.
2.4. The ultimate responsibility for Information Security lies with the Chief Information Officer but this responsibility is discharged through the designated role of Director of Security & Trust, who has primary responsibility for Information Security, Information Security Risk, Cyber Security, and Security Incident Management within ▇▇▇▇ & ▇▇▇▇▇▇ and acts as the central point of contact for Information Security for both Staff and external organisations.
2.5. Heads of Departments are responsible for enforcing Information Security Policies within their business areas and for adherence by their Staff. All Staff have a responsibility for Information Security: ensuring that they follow relevant company policies, processes, and procedures; having a general awareness of the importance of Information Security and the potential risks; and reporting any incidents, events, or potential weaknesses.
Information Security Management System. The Supplier shall, within 30 Working Days of the Commencement Date, submit to the Authority a proposed ISMS which:
Information Security Management System. 2.1 The Supplier shall, within 30 Working Days of the Commencement Date, submit to the Authority a proposed ISMS which:
2.1.1 has been tested; and
2.1.2 complies with the requirements of paragraphs 2.2 and 2.3.
2.2 The Supplier shall at all times ensure that the level of security, including cyber security, provided by the ISMS is sufficient to protect the confidentiality, integrity and availability of Information Assets and Authority Data used in the provision of the Services and to provide robust risk management.
2.3 The Supplier shall implement, operate and maintain an ISMS which shall:
2.3.1 protect all aspects of and processes of Information Assets and Authority Data, including where these are held on the ICT Environment (to the extent that this is under the control of the Supplier);
2.3.2 be aligned to and compliant with the relevant standards in ISO/IEC 27001:2013 or equivalent and the Certification Requirements in accordance with paragraph 5 unless otherwise Approved;
2.3.3 provide a level of security which ensures that the ISMS and the Supplier System:
2.3.3.1 meet the requirements in the Contract;
2.3.3.2 are in accordance with applicable Law;
2.3.3.3 demonstrate Good Industry Practice, including the Government’s 10 Steps to Cyber Security, currently available at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇.▇▇/guidance/10-steps-cyber-security;
2.3.3.4 comply with the Security Policy Framework and any other relevant Government security standards;
2.3.3.5 comply with the Baseline Security Requirements; and
2.3.3.6 comply with the Authority’s policies, including, where applicable, Information Security Policy Framework or its replacements;
2.3.4 address any issues of incompatibility with the Supplier’s organisational security policies;
2.3.5 address any specific security threats of immediate relevance to Information Assets and/or Authority Data;
2.3.6 document:
2.3.6.1 the security incident management processes, including reporting, recording and management of information risk incidents, including those relating to the ICT Environment (to the extent that this is within the control of the Supplier) and the loss of protected Personal Data, and the procedures for reducing and raising awareness of information risk;
2.3.6.2 incident response plans, including security incident response companies; and
2.3.6.3 the vulnerability management policy, including processes for identification of system vulnerabilities and assessment of the potential effect on the Services of any new threat,...
Information Security Management System. Provider will maintain and continually make improvements to a documented information security management system in accordance with standard practices and accepted frameworks in Provider’s industry for the delivery of Services which its personnel are to be made aware of and comply with (“Information Security Management System”).
Information Security Management System. Cohesity implements an Information Security Management System (“ISMS”) that establishes security controls to meet its objectives. The ISMS is aligned to ISO 27001 and the NIST Cybersecurity Framework. The ISMS policy and associated controls are reviewed no less than once per annum.
Information Security Management System. Cloudinary has an ISMS (Information Security Management System) in place to evaluate risks to the security of data, to manage the assessment and treatment of these risks and to continually improve its information security. It includes all aspects of the company – people, processes, and systems – by applying a risk-based approach. The Cloudinary ISMS has been inspired by and based upon industry best practices, frameworks and standards such as ISO/IEC 27001:2013.