Common use of Information Security Management System Clause in Contracts

Information Security Management System. 2.1. ▇▇▇▇ & ▇▇▇▇▇▇’▇ Information Security Polices set a clear direction for Information Security and demonstrate support for, and commitment to the management of Information Security throughout the company. 2.2. Information Security is managed through a stringent set of controls, including policies, processes, procedures, software, and hardware functions that constitute ▇▇▇▇ & Mackay’s Information Security Management System (ISMS). These controls are monitored, reviewed, and where necessary, improved to ensure that specific security and business objectives are met. 2.3. All Staff receive a comprehensive and mandatory induction and training programme on joining the company and an annual compliance refresher including Information Security and data protection. 2.4. The ultimate responsibility for Information Security lies with the Chief Information Officer but this responsibility is discharged through the designated role of Director of Security & Trust, who has primary responsibility for Information Security, Information Security Risk, Cyber Security, and Security Incident Management within ▇▇▇▇ & ▇▇▇▇▇▇ and acts as the central point of contact for Information Security for both Staff and external organisations. 2.5. Heads of Departments are responsible for enforcing Information Security Policies within their business areas and for adherence by their Staff. All Staff have a responsibility for Information Security; ensuring that they follow relevant company policies, processes, and procedures; have a general awareness of importance of Information Security and the potential risks; reporting any incidents, events, or potential weaknesses.

Information Security Management System. 2.1. ▇▇▇▇ & ▇▇▇▇▇▇’▇ Information Security Polices set a clear direction for Information Security and demonstrate support for, and commitment to the management of Information Security throughout the company. 2.2. Information Security is managed through a stringent set of controls, including policies, processes, procedures, software, and hardware functions that constitute ▇▇▇▇ & Mackay’s Information Security Management System (ISMS). These controls are monitored, reviewedreviewed and, and where necessary, improved to ensure that specific security and business objectives are met. 2.3. All Staff receive a comprehensive and mandatory induction and training programme on joining the company and an annual compliance refresher including Information Security and data protection. 2.4. The ultimate responsibility for Information Security lies with the Group Chief Information Officer but this responsibility is discharged through the designated role of Director Head of Security & TrustInformation Security, who has primary responsibility for Information Security, Information Security Risk, Cyber Security, risk and Security Incident Management security incident management within ▇▇▇▇ & ▇▇▇▇▇▇ and acts as the central point of contact for Information Security for both Staff and external organisations. 2.5. Heads of Departments are responsible for enforcing Information Security Policies within their business areas and for adherence by their Staff. All Staff have a responsibility for Information Security; ensuring that they follow relevant company policies, processes, and procedures; have a general awareness of importance of Information Security and the potential risks; reporting any incidents, events, or potential weaknesses.

Information Security Management System. 2.1. ▇▇▇▇ & ▇▇▇▇▇▇’▇ Information Security Polices set a clear direction for Information Security and demonstrate support for, and commitment to the management of Information Security throughout the company. 2.2. Information Security is managed through a stringent set of controls, including policies, processes, procedures, software, and hardware functions that constitute ▇▇▇▇ & Mackay’s ▇▇▇▇▇▇’▇ Information Security Management System (ISMS). These controls are monitored, reviewedreviewed and, and where necessary, improved to ensure that specific security and business objectives are met. 2.3. All Staff receive a comprehensive and mandatory induction and training programme on joining the company and an annual compliance refresher including Information Security and data protection. 2.4. The ultimate responsibility for Information Security lies with the Group Chief Information Officer but this responsibility is discharged through the designated role of Director Head of Security & TrustInformation Security, who has primary responsibility for Information Security, Information Security Risk, Cyber Security, risk and Security Incident Management security incident management within ▇▇▇▇ & ▇▇▇▇▇▇ and acts as the central point of contact for Information Security for both Staff and external organisations. 2.5. Heads of Departments are responsible for enforcing Information Security Policies within their business areas and for adherence adherenc e by their Staff. All Staff have a responsibility for Information Security; ensuring that they follow relevant company policies, processes, and procedures; have a general awareness of importance of Information Security and the potential risks; reporting any incidents, events, or potential weaknesses.

Information Security Management System. 2.1. ▇▇▇▇ & ▇▇▇▇▇▇’▇ Information Security Polices set a clear direction for Information Security and demonstrate support for, and commitment to the management of Information Security throughout the company. 2.2. Information Security is managed through a stringent set of controls, including policies, processes, procedures, software, and hardware functions that constitute ▇▇▇▇ & Mackay’s ▇▇▇▇▇▇’▇ Information Security Management System (ISMS). These controls are monitored, reviewedreviewed and, and where necessary, improved to ensure that specific security and business objectives are met. 2.3. All Staff receive a comprehensive and mandatory induction and training programme on joining the company and an annual compliance refresher including Information Security and data protection. 2.4. The ultimate responsibility for Information Security lies with the Group Chief Information Officer but this responsibility is discharged through the designated role of Director Head of Security & TrustInformation Security, who has primary responsibility for Information Security, Information Security Risk, Cyber Security, risk and Security Incident Management security incident management within ▇▇▇▇ & ▇▇▇▇▇▇ and acts as the central point of contact for Information Security for both Staff and external organisations. 2.5. Heads of Departments are responsible for enforcing Information Security Policies within their business areas and for adherence by their Staff. All Staff have a responsibility for Information Security; ensuring that they follow relevant company policies, processes, and procedures; have a general awareness of importance of Information Security and the potential risks; reporting any incidents, events, or potential weaknesses.