1.1.The Supplier shall ensure that COMPANY NAME proprietary information and operational system state can be recovered following a Disaster or media failure.
1.2.Backup copies shall be saved by the Supplier for a minimum period of one (1) year, or for such other period of time as agreed with COMPANY NAME in writing.
1.3.The Supplier shall have documented routines and processes in place to meet its obligations
1.4.regarding availability and security of Confidential Information and COMPANY NAME Data.
1.5.If physical media containing Confidential Information and/or COMPANY NAME Data is to be decommissioned, Supplier shall treat such Confidential Information and COMPANY NAME Data in accordance with the Confidentiality clause of the Supplier Contract. Any return to COMPANY NAME of Confidential Information or COMPANY NAME Data shall be made in a secure manner and any destruction shall be made in a way so that the information cannot be recreated or accessed.
1.6.The Supplier shall have documented routines in place regarding destruction of physical media and shall be able to show proof of such destruction upon request. Access to backup copies shall be controlled, logged, and handled according to stated routines in accordance with ISO/IEC 27001.