Assurance and audit Independent assurance You agree to undertake an annual independent assurance review of the design and operating effectiveness of your key internal controls for security, availability, processing integrity,
Buyer owns all Buyer Data Despite clause 12.1(c) of Schedule 2, the Buyer owns and will own all Buyer Data (including all Intellectual Property Rights in such data), whenever created
Code reviews and testing throughout the Term If, at any time during the Term, you commission or undertake a code review or penetration, stress, vulnerability or other security testing of
Confidentiality and security Protection of confidential information: Except as expressly agreed otherwise in writing, each party will treat as confidential and not disclose to any third party or use for
Creation and transfer of Agency Records In performing the Services, you will create and maintain on behalf of [Customer] the records described in the applicable SOW (Agency Records). You will
Disengagement Notice of Disengagement: [Customer] may, at any time prior to termination or expiry of [this MSA or a particular SOW], notify you in writing (Notice of Disengagement) that it
Government orders for disclosure of Confidential Information If you are ordered by a government agency or regulatory body, in any jurisdiction, to disclose our Confidential Information, whether directly or through
Ongoing security assurance You are responsible throughout the Term, both generally and when considering any change to any ICT System, for undertaking your own security assurance activities to ensure, at
Provider penetration testing You must, at least once annually, either: conduct penetration tests of the [Services / name of specific Service], notify us in writing of the outcome of the
Records Record requirements: You will, at all times during the term of this [MSA/Agreement], maintain, store and archive, in electronic and accessible form, true, up to date, accurate and complete
Retrieval of Agency Data We may, by written notice (a Data Retrieval Notice) to you, require you to provide a copy to us of all Agency Data stored at the
Security governance meetings You will attend security governance meetings with us as we may reasonably request and at the locations or by the means that we may reasonably request. If
Security reviews This clause [1] applies: if your Services include your utilisation of, or the provision of, information and communication technology systems that hold or process [Customer]’s Confidential Information (e.g.,
Technical Changes to Services Matters to be considered: If you are proposing to make any Technical Change (as defined in clause [1.4]) to a Service, you must consider: whether the
Technical risk register If requested by [Customer] in a SOW, you will: maintain and keep current a technical risk register (the Risk Register) that identifies: risks to the security and