• Build a contract
    • Overview of contract builders
    • Subscriber access
      • Master Services Agreement builder
      • Government Model Contract for Services or Goods and Services builder
        • GMC for Services or Goods and Services builder (Crown)
        • GMC for Services or Goods and Services builder (non-Crown)
      • Mutual Confidentiality Agreement builder
      • Inter-agency MOU builder
      • Information Sharing MOU builder
      • Data Sharing MOU builder
      • Letter of variation builder
      • Website terms of use builder
      • Privacy statement builder
      • Privacy clause builder
    • Pay-per-build
      • Master Services Agreement builder (one-time build)
      • Government Model Contract for Services or Goods and Services builder (one-time build)
        • Government Model Contract for Services or Goods and Services builder (Crown) (one-time build)
        • Government Model Contract for Services or Goods and Services builder (non-Crown) (one-time build)
      • Mutual Confidentiality Agreement builder (one-time build)
      • Inter-agency MOU builder (one-time build)
      • Information Sharing MOU builder (one-time build)
      • Data Sharing MOU builder (one-time build)
      • Letter of variation (to vary an agreement) (one-time build)
      • Website terms of use builder (one-time build)
      • Privacy statement builder (one-time build)
  • Find a clause
    • Clause library
      • Browse entire library
      • Browse by clause category
        • Change and variation
        • Collaborative contracting
        • Contract governance and continuity
        • Definitions and interpretation
        • Documentation
        • Equipment
        • Financial terms
        • General terms
        • GMC changes
        • Goods and their delivery
        • Health and safety
        • Information and security
        • Insurance
        • Intellectual property
        • Liability and indemnities
        • Inter-agency MOUs and agreements
        • MSAs and SOWs
        • Panel contracts
        • Performance failure and disputes
        • Personnel
        • Privacy
        • Responsibilities
        • Services and their performance
        • Software and cloud services
        • Subcontracting
        • Term and other preliminaries
        • Termination rights and consequences
        • Transition and disengagement
        • Warranties
    • Add clause
  • Ask a question
    • Q+A knowledge base
    • Ask a question
  • Pricing
  • Get help
  • Blog
  • Log In
  • Sign up
  • Home
  • |
  • Category: Information and security

Assurance and audit

Assurance and audit Independent assurance You agree to undertake an annual independent assurance review of the design and operating effectiveness of your key internal controls for security, availability, processing integrity,

Assurance and audit

Buyer owns all Buyer Data (for GMC)

Buyer owns all Buyer Data Despite clause 12.1(c) of Schedule 2, the Buyer owns and will own all Buyer Data (including all Intellectual Property Rights in such data), whenever created

Buyer owns all Buyer Data (for GMC)

Code reviews and testing throughout the Term

Code reviews and testing throughout the Term If, at any time during the Term, you commission or undertake a code review or penetration, stress, vulnerability or other security testing of

Code reviews and testing throughout the Term

Confidentiality and security

Confidentiality and security Protection of confidential information: Except as expressly agreed otherwise in writing, each party will treat as confidential and not disclose to any third party or use for

Confidentiality and security

Creation and transfer of Agency Records

Creation and transfer of Agency Records In performing the Services, you will create and maintain on behalf of [Customer] the records described in the applicable SOW (Agency Records). You will

Creation and transfer of Agency Records

Disengagement

Disengagement Notice of Disengagement: [Customer] may, at any time prior to termination or expiry of [this MSA or a particular SOW], notify you in writing (Notice of Disengagement) that it

Disengagement

Government orders for disclosure of Confidential Information

Government orders for disclosure of Confidential Information If you are ordered by a government agency or regulatory body, in any jurisdiction, to disclose our Confidential Information, whether directly or through

Government orders for disclosure of Confidential Information

Ongoing security assurance

Ongoing security assurance You are responsible throughout the Term, both generally and when considering any change to any ICT System, for undertaking your own security assurance activities to ensure, at

Ongoing security assurance

Provider penetration testing

Provider penetration testing You must, at least once annually, either: conduct penetration tests of the [Services / name of specific Service], notify us in writing of the outcome of the

Provider penetration testing

Records

Records Record requirements: You will, at all times during the term of this [MSA/Agreement], maintain, store and archive, in electronic and accessible form, true, up to date, accurate and complete

Records

Retrieval of Agency Data

Retrieval of Agency Data We may, by written notice (a Data Retrieval Notice) to you, require you to provide a copy to us of all Agency Data stored at the

Retrieval of Agency Data

Security governance meetings

Security governance meetings You will attend security governance meetings with us as we may reasonably request and at the locations or by the means that we may reasonably request. If

Security governance meetings

Security reviews

Security reviews This clause [1] applies: if your Services include your utilisation of, or the provision of, information and communication technology systems that hold or process [Customer]’s Confidential Information (e.g.,

Security reviews

Technical Changes to Services

Technical Changes to Services Matters to be considered: If you are proposing to make any Technical Change (as defined in clause [1.4]) to a Service, you must consider: whether the

Technical Changes to Services

Technical risk register

Technical risk register If requested by [Customer] in a SOW, you will: maintain and keep current a technical risk register (the Risk Register) that identifies: risks to the security and

Technical risk register
About

We help public sector agencies get contracts in place quickly and without the usual pain and cost

QUICK LINKS
  • Home
  • Clause library
  • Knowledge base
  • Contract builders
Legal AND SECURITY
  • Terms of use
  • Privacy statement
  • Security
  • Refund policy
Contact
  • Contact form
  • 021 927 291
  • richard@richardbestlaw.com