Common use of Information Security Program Requirements Standards Clause in Contracts

Information Security Program Requirements Standards. Provider shall implement, and warrants that it will implement throughout the Term of the Agreement, a documented information security program that is based on one or more of the following industry standard information security frameworks (each an "Information Security Industry Standard"): (a) International Organization for Standardization ("ISO") / International Electrotechnical Commission ("IEC") ISO/IEC 27002 - Information technology – Security techniques – (b) American Institute of Certified Public Accountants (“AICPA”) Trust Services Principles, Criteria and Illustrations; or (c) Information Security Forum ("ISF") Standards of Good Practice ("SoGP") for Information Security; or (d) National Institute of Standards and Technology ("NIST") Special Publication 800-53 - (e) Information Systems Audit and Control Association ("ISACA") Control Objectives for Information and related Technology (COBIT).

Information Security Program Requirements Standards. Provider 1.1 Counterparty shall implement, and warrants that it will implement throughout the Term of the Agreement, a documented information security program that is based on the current version of one or more of the following industry standard information security frameworks (each an "Information Security Industry Standard"): (ai) International Organization for Standardization ("ISO") / International Electrotechnical Commission ("IEC") ISO/IEC 27002 - Information technology – Security techniques –– Code of practice for information security controls; or (bii) American Institute of Certified Public Accountants (“"AICPA”") Trust Services Principles, Criteria and Illustrations; or (ciii) Information Security Forum ("ISF") Standards of Good Practice ("SoGP") for Information Security; or (div) National Institute of Standards and Technology ("NIST") Special Publication 800-53 - (ev) Information Systems Audit and Control Association ("ISACA") Control Objectives for Information and related Technology ("COBIT").