Section

Scope

16 clauses

Clause summary and text | Used | Favoured party | Author | Governing law | Source

Non-public networks should only be accessible to authorized personnel

1.1. The Supplier shall ensure that any non-public network utilized by the Supplier is constructed and protected in such a manner that only authorized access is possible.

Used: 0 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded

Public network security, data encryption

1.1. The Supplier shall ensure that when public networks (Internet) are utilized by the Supplier, appropriate security mechanisms are in place so that no unauthorized access is possible.
1.2. The Supplier shall ensure that when Confidential Information or COMPANY NAME Data is communicated over a public network it shall be encrypted either with SSL/TLS with encryption keys of AES-128 bits strength or equivalent for symmetric encryption and RSA-2048 bits strength or equivalent for asymmetric encryption, or by another solution that has been approved in writing by COMPANY NAME beforehand.

Used: 1 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded

The Supplier promises to only communicate electronically over secure wireless networks, as recommended by the product manufacturer

1.1. The Supplier undertakes to only utilize internal electronic communication over wireless networks when WPA2 or higher encryption is in use according to the product manufacturer’s recommendation.

Used: 0 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded

Backup copies and access control

1.1. The Supplier shall ensure that COMPANY NAME proprietary information and operational system state can be recovered following a Disaster or media failure.
1.2. Backup copies shall be saved by the Supplier for a minimum period of one (1) year, or for such other period of time as agreed with COMPANY NAME in writing.
1.3. The Supplier shall have documented routines and processes in place to meet its obligations regarding availability and security of Confidential Information and COMPANY NAME Data.
1.5. If physical media containing Confidential Information and/or COMPANY NAME Data is to be decommissioned, Supplier shall treat such Confidential Information and COMPANY NAME Data in accordance with the Confidentiality clause of the Supplier Contract. Any return to COMPANY NAME of Confidential Information or COMPANY NAME Data shall be made in a secure manner and any destruction shall be made in a way so that the information cannot be recreated or accessed.
1.6. The Supplier shall have documented routines in place regarding destruction of physical media and shall be able to show proof of such destruction upon request. Access to backup copies shall be controlled, logged, and handled according to stated routines in accordance with ISO/IEC 27001.

Used: 0 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded

Security and protection

1.1. The Supplier shall ensure that adequate burglary protection is installed and in use at all premises utilized by the Supplier or any subcontractor for activities related to COMPANY NAME. The Supplier shall ensure that servers, including peripheral equipment, communication equipment and data media associated with COMPANY NAME are placed in locked rooms (minimum requirement) and are only accessible to authorized personnel. The Supplier shall ensure that adequate procedures are in place for protection of Supplied Services utilized for activities related to COMPANY NAME against damage from fire, flood, earthquake, explosion, civil unrest and other forms of natural or man-made disasters or accidents.

Used: 0 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded

Agreed security method

1.1. The Supplier shall agree on a standardized method for handling and reporting security incidents related to COMPANY NAME services. The agreed method shall be formalized in the Service Level Agreement.

Used: 0 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded

Security management framework

1.1. The Supplier shall have a management framework established to initiate and control the implementation of security.
1.2. The Supplier shall have an operational and documented process regarding internal personnel changes. All staff changes that affect or may affect personnel with access to COMPANY NAME’s systems shall be reported to COMPANY NAME within 30 days. Staff changes shall be documented and stored for review and the Supplier shall be able to show documented staff changes upon COMPANY NAME’s request.

Used: 0 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded

Business continuity plan

1.1. The Supplier shall have an adequate and well documented business continuity plan in place in order to fulfill its undertakings towards COMPANY NAME. The business continuity plan shall be shown to COMPANY NAME upon request.

Used: 0 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded

Intrusion prevention system

1.1. The Supplier shall at all times ensure that an adequate and up to date intrusion prevention system, or equivalent solution, is installed. The intrusion prevention system, or equivalent solution, shall be updated according to a documented routine that aligns with the product manufacturer’s recommendation.

Used: 0 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded

Security software development lifecycle

1.1. In case the Supplier develops software or other services utilized by COMPANY NAME, the Supplier shall adhere to a robust security software development lifecycle and align with the ISO/IEC 27001 regarding correct processing in application to prevent errors, loss, unauthorized modification or misuse of information in application. Software shall be tested for security vulnerabilities on a regular basis. Such tests shall be performed at least once every year for systems not exposed to internet, and at least once every quarter for systems exposed to internet. Vulnerability findings shall be resolved within sixty (60) days.

Used: 0 | Favoured party: Neutral | Author: Genie Team | Governing law: England and Wales | Source: User uploaded
