SECURITY AND CONFIDENTIALITY REQUIREMENTS Sample Clauses
The Security and Confidentiality Requirements clause establishes obligations for parties to protect sensitive information and maintain data security. It typically outlines the standards and procedures for handling confidential data, such as restricting access to authorized personnel, implementing technical safeguards, and requiring notification in the event of a breach. This clause serves to prevent unauthorized disclosure or misuse of confidential information, thereby reducing the risk of data leaks and ensuring compliance with privacy regulations.
SECURITY AND CONFIDENTIALITY REQUIREMENTS. 15.1. A Non-Disclosure Agreement will need to be signed before the Contract Award.
15.2. Security clearance (BPSS) is required for the Supplier staff to receive access and work on Official Sensitive project information. The Supplier shall provide evidence that this is in place within the first 4 weeks of the contract.
15.3. Physical security checks will also be required to work or visit any of our CCS offices located in Liverpool, Newport, Bristol, Birmingham, Norwich and London. A CCS office-building pass will be granted, if required.
15.4. No Personal data shall be processed or stored on the Service Provider infrastructure without the explicit approval of the CCS Data Protection Manager. If approval is given to process personal data, the Supplier shall provide a Data Privacy Impact Assessment (DPIA) defining the privacy-related risk and controls be put in place to ensure it is appropriately protected.
15.5. All information released to the Supplier shall be treated as OFFICIAL and only stored and/ or processed in a manner throughout the contracted period where the security risk exposure is within the risk tolerance of the Contracting Authority and the Service Provider has obtained Cyber Essential certification.
15.6. The Supplier shall provide a Security Management Plan to be applied throughout the Design, Development and Deployment activities and shall submit to the Contracting Authority within the timescales defined therein.
15.7. All Contracting Authority OFFICIAL data provided in support of this agreement shall not be used for any other purpose than meeting the Contracting Authority’s requirements under this Statement of Requirement. At the end of this contract, the Supplier shall provide evidence, to the satisfaction of the Contracting Authority, that it has securely deleted all OFFICIAL data in accordance with HMG guidance.
15.8. The Supplier shall make provision to provide IT equipment for each of their Team under this agreement. Where the Supplier is provisioned with Contracting Authority IT in support of this agreement, the Supplier shall ensure any individual who is provided with such equipment shall accept all the acceptable use policy. Any failure to comply shall be reported to the Contracting Authority and appropriate action taken to hold the individual accountable.
15.9. The Supplier shall nominate a single individual within their team to be accountable for all such provisioned Authority IT. If the Supplier detects a potential security incid...
SECURITY AND CONFIDENTIALITY REQUIREMENTS. 16.1 Any specific security requirements pertaining to attendance to Buyer premises or handling of Buyer data are specified in the Order Form.
SECURITY AND CONFIDENTIALITY REQUIREMENTS. 9.1 No specific security clearance requirements for staff have been identified in addition to the mandatory and pre-employment compliance checks that are required. If required detail will be provided on the Order.
SECURITY AND CONFIDENTIALITY REQUIREMENTS. The Supplier must comply with all relevant Data Protection Legislation, as defined in the terms and conditions applying to this statement of requirements.
SECURITY AND CONFIDENTIALITY REQUIREMENTS. Please see REDACTED TEXT under FOIA Section 40, Personal Information document for REDACTED TEXT under FOIA Section 40, Personal Information
16.1 Should the scope of the work identify the supplier’s staff having access to sensitive or classified information, the supplier shall be willing to undergo Government Security Vetting.
SECURITY AND CONFIDENTIALITY REQUIREMENTS. 16.1 There are no specific or additional security requirements beyond those already stated within the Framework.
SECURITY AND CONFIDENTIALITY REQUIREMENTS. Personnel security and information access
16.1. The supplier's staff must hold the relevant security clearance to work with the government; this is security vetting to SC level.
16.2. The supplier will have access to information on how a number of government processes work and most likely some of the problems faced by the government in this area. The supplier should treat this information as commercially sensitive, and should not share this information with third parties. The supplier should be prepared to sign a non- disclosure agreement (NDA) and or contractual confidentiality clause.
SECURITY AND CONFIDENTIALITY REQUIREMENTS. 1. Security and Confidentiality requirements must comply completely with:
a) All federal and state regulations.
b) Current and future HIPAA regulations.
c) Security and privacy regulations imposed by the San Bernardino County Sheriff's Department and contracted agencies (e.g. Marshal, Federal).
d) Security and privacy regulations imposed by the Probation Department.
e) Security and privacy regulations imposed by the Department of Social Services.
f) Procedures and regulations specific to Juveniles.
g) Background checks conducted by the San Bernardino County Sheriff’s Department.
SECURITY AND CONFIDENTIALITY REQUIREMENTS. The Supplier shall ensure that all staff supporting the authority hold UK National Security Vetting to “Security Check” (SC) level. The Supplier shall maintain compliance with ISO 27001:2013 and ISO 27018:2014 or equivalent, Cyber Essentials Plus and shall also ensure that any third parties used by it in the course of the service provision and deemed critical to the service, shall adopt a systematic approach to managing information so that it remains secure.
SECURITY AND CONFIDENTIALITY REQUIREMENTS. 16.1 All Supplier staff shall be expected to hold SC clearance and operate from within the United Kingdom (UK).
16.2 It is important that the supplier employs the appropriate organisational, operational and technological processes and procedures to keep GPG data safe from unauthorised use or access, loss, destruction, theft or disclosure. The organisational, operational and technological processes and procedures adopted are required to comply with the requirements of ISO/IEC 27001 (Information Security Management Standard).
16.3 The Supplier shall ensure that any and all subcontractors they use are compliant with these security requirements.
16.4 The Supplier will use technologies and tooling that are consistent with CO and National Cyber Security Centre (NCSC) best practices and ensure that all technologies hold data in the UK. The Supplier will need the approval of Cabinet Office before offshoring any Cabinet Office data.
16.5 The Supplier shall implement appropriate technical and organisational measures in an effective way in order to meet the requirements of:
16.6 The Data Protection Act (2018) and the General Data Protection Regulation (GDPR).
16.7 The Freedom of Information Act (2000).
16.8 The Privacy and Electronic Communications Regulations (2004).
16.9 The Re-Use of Public Sector Information Regulations (2015)
16.10 The Supplier will provide contact details for a Data Protection Officer who is a full-time member of staff reporting directly to senior management who will act as a main point of contact for any data-related queries.