Common use of Security and Data Clause in Contracts

Security and Data. The Service Provider shall not delete or remove any proprietary notices contained within or relating to the Purchaser Data. The Service Provider shall not store, copy, disclose, or use the Purchaser Data except as necessary for the performance by the Service Provider of its obligations under this Contract or as otherwise expressly authorised in writing by the Purchaser. The Service Provider shall preserve the integrity of the Purchaser Data and prevent the corruption or loss of the Purchaser Data, ensuring at all times that the relevant Purchaser Data is under its control or the control of any Sub-contractor. The Service Provider shall perform secure back-ups of all Purchaser Data and shall ensure that up-to-date back-ups are stored off-site in accordance with the BCDR Plan. The Service Provider shall ensure that such back-ups are available to the Purchaser (or to such other person as the Purchaser may direct) at all times upon request and are delivered to the Purchaser at such other intervals as may be agreed in writing between the Parties. The Service Provider shall ensure that any system on which the Service Provider holds any Purchaser Data, including back-up data, is a secure system that complies with the Security Plan. Where appropriate, the system should reflect the Scottish Public Sector Supply Chain Cyber Security Policy for cloud-based requirements as the same may be updated from time to time. The Service Provider shall at all times when performing the Services comply with the terms of the BCDR Plan. If any of the Purchaser Data is corrupted, lost or sufficiently degraded as a result of the Service Provider's Default so as to be unusable, the Purchaser may: require the Service Provider (at the Service Provider's expense) to restore or procure the restoration of Purchaser Data to the extent and in accordance with the requirements specified in Schedule 17 (Business Continuity and Disaster Recovery) and the Service Provider shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Purchaser’s notice; and/or itself restore or procure the restoration of Purchaser Data, and shall be repaid by the Service Provider any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Schedule 17 (Business Continuity and Disaster Recovery). If at any time the Service Provider suspects or has reason to believe that Purchaser Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Service Provider shall notify the Purchaser immediately and inform the Purchaser of the remedial action the Service Provider proposes to take. The Service Provider shall comply with the requirements of Schedule 13 (Security Management).

Security and Data. 36.1. The Service Provider must comply with the Authority’s policies concerning Baseline Personnel Security Standard clearance and such modifications to those policies or replacement policies as are notified to the Service Provider from time to time. 36.2. The Service Provider must notify the Authority of any matter or other change in circumstances which might adversely affect future Baseline Personnel Security Standard clearance. 36.3. The Service Provider shall not delete or remove any proprietary notices contained within or relating to the Purchaser Data. 36.4. The Service Provider shall not store, copy, disclose, or use the Purchaser Data except as necessary for the performance by the Service Provider of its obligations under this Contract or as otherwise expressly authorised in writing by the PurchaserAuthority. 36.5. The Service Provider shall preserve the integrity of the Purchaser Data and prevent the corruption or loss of the Purchaser Data, ensuring at all times that the relevant Purchaser Data is under its control or the control of any Sub-Sub- contractor. 36.6. The Service Provider shall perform secure back-ups of all Purchaser Data and shall ensure that up-to-date back-ups are stored off-site in accordance with the BCDR Plan. The Service Provider shall ensure that such back-ups are available to the Purchaser Authority (or to such other person as the Purchaser Authority may direct) at all times upon request and are delivered to the Purchaser Authority at such other intervals as may be agreed in writing between the Parties. 36.7. The Service Provider shall ensure that any system on which the Service Provider holds any Purchaser Data, including back-up data, is a secure system that complies with the Security Plan. Where appropriate, the system should reflect the Scottish Public Sector Supply Chain Cyber Security Policy for cloud-based requirements as the same may be updated from time to time. 36.8. The Service Provider shall at all times when performing the Services comply with the terms of the BCDR Plan. 36.9. If any of the Purchaser Data is corrupted, lost or sufficiently degraded as a result of the Service Provider's Default so as to be unusable, the Purchaser Authority may: : 36.9.1. require the Service Provider (at the Service Provider's expense) to restore or procure the restoration of Purchaser Data to the extent and in accordance with the requirements specified in Schedule 17 6 (Testing Procedures & Business Continuity and Disaster Recovery) Section B and the Service Provider shall do so as soon as practicable but not later than five (5) 5 Working Days from the date of receipt of the PurchaserAuthority’s notice; and/or and/or 36.9.2. itself restore or procure the restoration of Purchaser Data, and shall be repaid by the Service Provider any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Schedule 17 6 (Testing Procedures & Business Continuity and Disaster Recovery)) Section B. 36.10. If at any time the Service Provider suspects or has reason to believe that Purchaser Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Service Provider shall notify the Purchaser Authority immediately and inform the Purchaser Authority of the remedial action the Service Provider proposes to take. 36.11. The Service Provider shall fully comply with the requirements of Schedule 13 12 (Security Management).

Security and Data. The Service Provider shall not delete or remove any proprietary notices contained within or relating to the Purchaser Data. The Service Provider shall not store, copy, disclose, or use the Purchaser Data except as necessary for the performance by the Service Provider of its obligations under this Contract or as otherwise expressly authorised in writing by the Purchaser. The Service Provider shall preserve the integrity of the Purchaser Data and prevent the corruption or loss of the Purchaser Data, ensuring at all times that the relevant Purchaser Data is under its control or the control of any Sub-contractor. The Service Provider shall perform secure back-ups of all Purchaser Data and shall ensure that up-to-date back-ups are stored off-site in accordance with the BCDR Plan. The Service Provider shall ensure that such back-ups are available to the Purchaser (or to such other person as the Purchaser may direct) at all times upon request and are delivered to the Purchaser at such other intervals as may be agreed in writing between the Parties. The Service Provider shall ensure that any system on which the Service Provider holds any Purchaser Data, including back-up data, is a secure system that complies with the Security Plan. Where appropriate, the system should reflect the Scottish Public Sector Supply Chain Cyber Security Policy for cloud-based requirements as the same may be updated from time to time. The Service Provider shall at all times when performing the Services comply with the terms of the BCDR Plan. If any of the Purchaser Data is corrupted, lost or sufficiently degraded as a result of the Service Provider's Default so as to be unusable, the Purchaser may: require the Service Provider (at the Service Provider's expense) to restore or procure the restoration of Purchaser Data to the extent and in accordance with the requirements specified in Schedule 17 (Business Continuity and Disaster Recovery) and the Service Provider shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Purchaser’s notice; and/or itself restore or procure the restoration of Purchaser Data, and shall be repaid by the Service Provider any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Schedule 17 (Business Continuity and Disaster Recovery). If at any time the Service Provider suspects or has reason to believe that Purchaser Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Service Provider shall notify the Purchaser immediately and inform the Purchaser of the remedial action the Service Provider proposes to take. The Service Provider shall comply with the requirements of Schedule 13 Error: Reference source not found (Security Management).

Security and Data. ‌ 33.1 The Service Provider shall not delete or remove any proprietary notices contained within or relating to the Purchaser Data. . 33.2 The Service Provider shall not store, copy, disclose, or use the Purchaser Data except as necessary for the performance by the Service Provider of its obligations under this Contract or as otherwise expressly authorised in writing by the Purchaser. . 33.3 The Service Provider shall preserve the integrity of the Purchaser Data and prevent the corruption or loss of the Purchaser Data, ensuring at all times that the relevant Purchaser Data is under its control or the control of any Sub-contractor. . 33.4 The Service Provider shall perform secure back-ups of all Purchaser Data and shall ensure that up-to-date back-ups are stored off-site in accordance with the BCDR Plan. The Service Provider shall ensure that such back-ups are available to the Purchaser (or to such other person as the Purchaser may direct) at all times upon request and are delivered to the Purchaser at such other intervals as may be agreed in writing between the Parties. . 33.5 The Service Provider shall ensure that any system on which the Service Provider holds any Purchaser Data, including back-up data, is a secure system that complies with the Security Plan. Where appropriate, the system should reflect the Scottish Public Sector Supply Chain Cyber Security Policy for cloud-based requirements as the same may be updated from time to time. . 33.6 The Service Provider shall at all times when performing the Services comply with the terms of the BCDR Plan. . 33.7 If any of the Purchaser Data is corrupted, lost or sufficiently degraded as a result of the Service Provider's Default so as to be unusable, the Purchaser may: : 33.7.1 require the Service Provider (at the Service Provider's expense) to restore or procure the restoration of Purchaser Data to the extent and in accordance with the requirements specified in Schedule 17 0 (Business Continuity and Disaster Recovery) and the Service Provider shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Purchaser’s notice; and/or and/or 33.7 2 itself restore or procure the restoration of Purchaser Data, and shall be repaid by the Service Provider any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Schedule 17 0 (Business Continuity and Disaster Recovery). . 33.8 If at any time the Service Provider suspects or has reason to believe that Purchaser Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Service Provider shall notify the Purchaser immediately and inform the Purchaser of the remedial action the Service Provider proposes to take. . 33.9 The Service Provider shall comply with the requirements of Schedule 13 Error! Reference source not found. (Security Management).