Security Management. 3.1 The Operator shall operate a security management function in relation to the Operator Systems. This shall include having: 3.1.1 a single named point of contact within the Operator organisation for security management; 3.1.2 board-level responsibility for security within the Operator organisation; 3.1.3 an appropriate process within the Operator for escalation and resolution of security issues; 3.1.4 security specialists with the necessary skills and experience (including risk assessment, technical design, security testing, vulnerability assessment and contingency planning) to fulfil the requirements of this Agreement; 3.1.5 administrators with the necessary skills and experience to perform required security administration activities (including setting up new users, Malicious Software clean-up, data back-up, system monitoring, the investigation of security incidents); and 3.1.6 a person or team responsible for assessing the security implications of new technology or evaluating the opportunities presented by new security products and services. 3.2 The Operator shall implement and maintain a detailed security management process for the Operator systems, which shall be agreed with the Authority during the Implementation Phase. 3.3 The Authority may, on the provision of notice which is reasonable in the circumstances, convene such meetings as it considers necessary to deal with any security-related issues. The Operator shall ensure that the Staff nominated by the Authority are available to attend any such meeting. 3.4 Without prejudice to any obligations of the Operator under the Agreement, the Operator shall provide the Staff with appropriate training on security functions and procedures.
Appears in 3 contracts
Sources: Services Agreement, Services Agreement, Services Agreement