Information Systems Security. A comprehensive information technology security policy shall be developed on the basis of an approved strategy for information and communication technology to ensure confidentiality, integrity and availability of all data: (a) Information systems security shall be based on the criteria laid down in the version applicable in the financial year concerned of International Standards Organisation 17799/British Standard 7799: Code of practise for Information Security Management (BS ISO/IEC 17799) and any guidelines on the application of these standards established by the Commission. (b) Security measures shall be adapted to the administrative structure, staffing and technological environments of each individual structure, authority or body of the management and control systems. The financial and technological effort shall be in proportion to the actual risks incurred.
Appears in 3 contracts
Sources: Cooperation Agreement, Cooperation Agreement, Cooperation Agreement