Terms & Conditions
1.1 In these terms and conditions (the “Terms”) references to “MD5” are to MD5 Ltd. “Client” means any person, firm, company or any other party with whom MD5 enters into any contract whether directly or indirectly. “Contract” means any Contract for Services howsoever made between MD5 and the Client. “Client Goods” shall be taken to include but not be limited to any computer hardware or software supplied by the Client to MD5 so that MD5 may undertake data recovery, data conversion, data analysis, data duplication, and/or forensic services. “Services” refers to any work that MD5 undertakes on behalf of the Client to include data recovery, data conversion, data analysis, data duplication, and/or forensic services.
1.2 Each Contract with MD5 shall be subject to these Terms and Conditions and any terms specified or referred to in writing. These Terms shall prevail over any other inconsistent terms, communications or form of contract unless such terms are expressly agreed in writing signed by a Director of MD5.
1.3 If the Client submits any instruction containing terms inconsistent with or purporting to override these Terms, MD5’s acknowledgement or acceptance of such instruction shall constitute a counter offer to these Terms.
1.4 No waiver by either party of any breach of these Terms, shall be effective unless in writing, or prejudice that party’s rights in respect of any subsequent breach.
1.5 MD5 will use reasonable endeavours to meet relevant response times. However, failure to meet response times is not of the essence of any contractual obligation unless otherwise stated in writing.
1.6 Where on-site work is required, circumstances may arise where additional staff and equipment are required to deal with site specific conditions. Additional staff and equipment are outside the scope of the quote and may incur additional time and costs. In such circumstances the Client will be informed immediately before such extra costs is incurred.
2. ESTIMATE AND FORMATION OF CONTRACT
2.1 Acceptance of any quote by the Client must be in writing signed by an authorised signatory of the Client and such acceptance shall with the quote form the Contract. MD5 reserves the right to commence work or accept any appointment until MD5 has received the said acceptance.
2.2 MD5 reserves the right to cancel the Contract without liability to the Client at any time before the Services are performed if MD5 becomes aware that the work infringes any applicable laws or regulations, industry standards or any third-party rights or involves (if not stated in the quote) obscene, libellous or defamatory material. The Client will indemnify MD5 for any loss, costs, damages, charges and expenses which MD5 incurs in respect thereof.
3. PERFORMANCE AND DELIVERY
3.1 Unless expressly agreed to the contrary in writing all times and dates for performance of Services are estimates only given in good faith.
3.2 The Client is responsible for ensuring that the work stipulated by it in the Contract is sufficient for its purpose. 3.3 All data conversion work will be carried out in accordance with the Client’s reasonable instructions.
3.4 All investigation and processing work is carried out on the understanding, that unless otherwise stated in the Contract, any or all of the Client’s Goods are in good working order. Prior to commencement of work no warranty is given in this respect. Where hardware or software faults are encountered in the Client’s Goods additional work maybe involved. This work is outside the scope of the Contract and may require the expenditure of additional time and cost. In such circumstances the Client will be informed immediately before such extra costs is incurred.
3.5 All work carried out by MD5 will be diligently executed in accordance with the Client’s reasonable instructions and in accordance with the Contract.
4. PRICE AND PAYMENT
4.1 All prices quoted in writing are valid for 30 days unless otherwise stated in the Contract.
4.2 Subject as is expressly agreed by MD5 or detailed in the Contract, MD5 may invoice the Client at such times as it shall in its discretion think fit and reserves the right to raise more than one invoice in respect of any Contract.
4.4 Invoices raised by MD5 to the Client shall be paid in full within 30 days of the invoice date.
4.5 MD5 may at its absolute discretion grant the Client an account allowing up to 30 days credit in respect of such amount as MD5 shall from time to time decide (“Credit Account”). MD5 reserves the right at any time without notice to the Client, with immediate effect and without assigning any reason thereof to refuse or limit the amount and/or period of credit which may be available to the Client.
4.6 If the Client exceeds the limit on any Credit Account any
further sums due from the Client must be paid immediately.
4.7 MD5 reserves the right to decline to start or continue any work if the Client does not pay MD5 in accordance with these Terms.
4.8 MD5 shall be entitled to charge interest on any overdue sums at the rate of 4% per annum above the current base rate of the HSBC from the due date up to and including the date of payment of cleared funds. Such interest shall be payable on demand.
4.10 The price and any additional charges payable under the Contract are exclusive of all sales taxes including Value Added Tax at the prevailing rate.
4.11 Time for payment is of the essence of the Contract.
5. RISK, PACKAGING AND CARRIAGE
5.1 Risk in the Client’s Goods shall only pass to MD5 upon receipt and shall pass back to the Client upon receipt of the returned Goods.
5.2 MD5 is not responsible for arranging and/or paying for packaging and carriage of the Client’s Goods to MD5 or to the Client unless specifically stated elsewhere in the Contract.
5.3 MD5 may arrange for dispatch to the Client of the recovered data and/or Client’s Goods by courier for which charges may be made.
6. TERMINATION AND CANCELLATION
6.1 The Client may not cancel any Contract which has been accepted by MD5 except with the written agreement of MD5 and on terms that the Client shall indemnify MD5 in full against all loss (including loss of profit), costs (including the costs of all labour and materials used), damages, charges and expenses incurred by MD5 as a result of cancellation.
6.2 Without prejudice to its rights, MD5 may terminate the Contract or suspend any future deliveries to the Client if;
6.2.1 Any distress execution or other legal process is levied upon any of the Client’s assets.
6.2.2 The Client ceases to trade or becomes unable to pay its debts as they fall due or a petition is presented or a meeting convened for the purpose of its winding up or the Client enters into liquidation, either compulsory or voluntary, or compounds with its creditors generally or has an administrator, received or administrative appointed over all or part of its assets or takes or suffers any similar action in consequence of debt.
6.2.3 The Client fails to pay by the due date for payment any monies due from it to MD5.
6.2.4 The Client commits any breach of these Terms and fails to remedy such breach (if capable of remedy) within a period of 30 days from receipt of notice in writing from MD5 requesting such remedy.
6.3 Termination will not affect the rights of either party accrued at the date of termination nor will it affect the obligations expressly or clearly intended to continue notwithstanding termination.
7.1 Should you have any concerns regarding our services or wish to start a dialogue on an issue which is of importance to you, please feel free to contact us via email email@example.com, via phone 01924 220999 or in writing to MD5 Ltd, PO Box 96, Normanton, WF6 1WY.
8.1 Due to the nature of data recovery work MD5 cannot warrant or give guarantees to be able to recover data in whole or in part or that any data so recovered will be complete.
8.2 Due to the nature of data recovery work MD5 cannot warrant or give guarantees that any goods received from the Client will not suffer damage or be further damaged as a result of the data recovery process.
8.3 With regard to work involving the investigation or forensic processing of data no guarantee is given or implied as to the existence of any evidentially significant material prior to the commencement of any investigation or forensic processing work. Irrespective of the result of investigation or forensic processing work and in all instances, the agreed fee is payable by the Client in accordance with these Terms,
8.4 Unless otherwise stipulated in writing in the Contract any hardware supplied by MD5 shall be covered by the applicable warranty provided by the manufacturer.
9.1 All warranties, conditions and other terms implied by statute or common law (save for the conditions implied by section 12 of the Sale of Goods Act 1979 and Chapter 2 Para. 17 of the Consumer Rights Act 2015) are, to the fullest extent permitted by law, excluded from the Contract.
9.2 MD5 shall not be liable for any loss of profits or business, anticipated earnings or goodwill.
9.3 The Client shall indemnify MD5 and keep MD5 fully and effectively indemnified against any loss of or damage to any property or injury to or death of any persons caused by any negligent act or omission or wilful misconduct of the Client, its employees, agents or sub-contractors or by any breach of its contractual obligations.
9.4 Nothing in these terms and conditions excludes or limits the liability of MD5 for death or personal injury caused by MD5’s negligence or fraudulent misrepresentation.
10. THIRD PARTY RIGHTS
10.1 No term of the Contract shall be enforceable under the Contracts (Rights of Third Parties) Act 1999 by a third party.
11. CONFIDENTIALITY INFORMATION
“Confidential Information” means any and all:
- information whether technical, operational commercial, financial or otherwise (including without limitation data, know-how, formulae, processes, designs, photographs, audio or videotape, CD ROMs, drawings, specifications, samples, finances, programmes, records, business plans, consumer research, analysis or experience) of whatever nature and whether disclosed orally, pictorially, in writing, by demonstration, by viewing, in machine readable form or other means (including on electromagnetic or CD media or via telephone lines or radio or microwave) and whether stored electronically or otherwise which relates to a person’s business, operations, products, developments, services, trade secrets, know-how, personnel, supplies, customers, victims, employees, police officers or the Services;
- notes, reports, analysis and reviews of, and any other information derived from, any information referred to in paragraph (a) above or which contains or is based in whole or in part upon such information;
- information designated as confidential, commercially sensitive or politically sensitive or which ought reasonably to be considered as such; and
- all materials belonging to another person in respect of which the Parties owe obligations of confidentiality.
11.1 Upon request at any time by the Client, MD5 Limited shall obtain signed confidentiality undertakings from any subcontractors in a form approved by the Client.
11.2 A Party is entitled to disclose the whole or any part of the other’s Confidential Information:
- To its directors, officers, employees, servants, subcontractors, agents’ professional advisers, or auditors (such as UKAS) to the extent necessary to enable the performance or enforcement of its rights or obligations under this Contract subject to any such persons signing confidentiality undertakings in a form approved by the Client if requested to do so;
- When (and to the extent) required to do so by Laws or pursuant to the rules or any order having the force of law of any court, association or agency of competent jurisdiction or any governmental agency;
- To the extent that the Confidential Information has, except as a result of breach of obligations of confidentiality, become publicly available or generally known to the public at the time of such disclosure (provided that no Confidential Information shall be deemed to be so publicly available or generally known only because such information is within or part of more general information, or (in the case of a complex body of such information) because one or more elements of it separately comprise publicly available information or information generally known to the public);
- In the case of disclosure by the Client:
- To the extent required for the purpose of the continued provision of the Services (or similar replacement services) in the event of suspension, expiry or termination of particular Services;
- In relation to the outcome of a procurement as may be required to be published in the Official Journal of the European Union or elsewhere;
- To any department, office or agency of the Government or other entity where required for its proper departmental, parliamentary, governmental, statutory or judicial purposes;
- to any consultant, contractor or other person engaged by the Client in connection with the provision of the Services or the performance of MD5 Limited’s obligations under this Contract, to the extent reasonably necessary to enable that consultant, contractor or other person to carry out their engagement with the Client;
- to the extent the Client (acting reasonably) deems disclosure necessary or appropriate in the course of carrying out its public functions in accordance with the law; and
11.3 Notwithstanding clause 11.1.2, MD5 Limited shall give the Client prompt advance notice of any disclosure of the Client’s Confidential Information and shall consult and give the Client reasonable opportunity to comment on the nature and extent of disclosure, and shall take account of any reasonable comment made by the Client. Notwithstanding the permitted disclosures under clause 11.1.2 the Client shall have the right to prohibit disclosure of the Client’s Confidential Information to any person and MD5 Limited shall not make such disclosure to any such person so prohibited by the Client unless subject to a court order or permitted under Freedom of Information legislation.
11.4 MD5 Limited shall:
- use Client’s and Chief Constable’s Confidential Information solely for this Contract;
- take all necessary precautions to ensure that all of the Client’s and the Chief Constable’s Confidential Information is held in confidence and treated as proprietary;
- comply with all instructions and/or guidelines produced by the Client from time to time for the handling and storage of its Confidential Information generally or for specific items;
- inform all staff and subcontractors and agents that breach of any of its confidentiality obligations shall result in contractual and/or disciplinary action (and MD5 Limited shall ensure that such contractual and/or disciplinary actions and proceedings are reported to the Client and instituted and enforced as required); and
- forthwith report to the Client all failures to comply with the obligations set out in this clause 11.3 of which MD5 Limited is or becomes aware.
11.5 Notwithstanding the generality of clause 11.1.2 Personal Data shall not be released from any of the confidentiality obligations of clause 10, except with the prior consent of the Client in accordance with the relevant laws.
11.6 Without prejudice to any other rights and remedies that the other Party would have, each Party agrees that damages would not be an adequate remedy for any breach of this clause 10 and that the other Party shall be entitled to the remedies of injunction, specific performance and/or other equitable relief for any threatened or actual breach of this clause 11.
11.7 The Client’s and MD5 Limited’s obligations under this Contract with respect to Confidential Information shall survive its expiry or termination and shall continue for as long as such information remains confidential.
11.8 Nothing in this clause 10 limits, diminishes, waives or releases either Party’s obligations and responsibilities under the Official Secrets Acts 1911 to 1989 or in regard to personal data in accordance with the Data Protection Legislation.
11.9 MD5 Limited shall at all times (including after termination or expiry of this Contract) comply with the obligations imposed by the Official Secrets Acts 1911 to 1989.
11.10 MD5 Limited shall:
- take all reasonable steps, by display of notices or by other appropriate means, to ensure that such persons have notice that the Official Secrets Acts 1911 to 1989 applies to them and shall continue so to apply; and
- where requested by the Client at any time, procure (within 10 Business Days of the request) the signature by all of the persons specified by the Client of an Official Secrets undertaking in a form specified by the Client.
11.11 MD5 Limited shall ensure that a similar obligation to this clause 22 is included in all contracts or agreements MD5 Limited entered into with a subcontractor or agent in connection with the provision of the Services.
11.12 The Client may terminate this Contract immediately in the event that MD5 Limited fails to comply with any requirement of this clause 10 including the failure to procure the signature of an Official Secrets undertaking for any person specified by the Client or any disclosure of the Client’s Confidential Information in breach of this clause 11.
11.13 MD5 will notify the Client and the Police if any evidence of indecent child images is observed on any equipment belonging to the Client.
12. FORCE MAJEURE
12.1 MD5 shall not be liable for any failure or delay in the performance of its obligations where the same is due to any circumstances outside its reasonable control, including (without limiting the foregoing) war, strikes, lock-outs, industrial action, shortage of supplies, breakdown, transport delays, accidents, government action, fire, terrorism or criminal acts.
13. INTELLECTUAL PROPERTY RIGHTS
13.1 The copyright, design right and all other intellectual property rights in the Services and all other works created or commissioned by MD5 shall remain exclusively the property of MD5. All attempts by the Client or any other person to use, copy, adapt, reproduce or transmit all or any part of such Services and other work created or commissioned by MD5 without MD5’s prior written consent are prohibited to the fullest extent permitted by law.
13.2 The Client warrants that so far as it is reasonably aware it either owns or has rights to use and provide to MD5 to use in the Contract any ideas, concepts, designs and materials or data which it may provide to MD5 in pursuance of the Contract.
14. ENTIRE AGREEMENT
14.1 These Terms supersede any previous agreement between the parties in relation to the matters with which they deal and represents the entire understanding between the parties in relation to those matters, save for the Non-Disclosure agreement signed by the parties.
15.1 Notices given by MD5 or the Client must be in writing and sent to the address of the recipient set out in the Contract or the recipients registered office.
15.2 Any such notice may be delivered personally or by first class prepaid letter or facsimile transmission and shall be deemed to have been served if by hand when delivered, if by first class post 48 hours after posting and if by facsimile transmission when despatched.
15.3 Any notice concerning the validity or existence of the Agreement must be delivered personally or sent Special Delivery first class letter post.
16.1 If at any time all or any part of one or more of the provisions of these Terms is held by any competent authority to be invalid, illegal or unenforceable in any respect under any law, the validity and enforceability of the remaining provisions hereof shall not in any way be affected or impaired thereby.
17. LAW AND JURISDICTION
17.1 These Terms and all Contracts made between MD5 and the Client shall be governed in accordance with the laws of England and Wales and the Client submits to the sole jurisdiction of the English Courts.
‘This Appendix applies where MD5 are the Data Processor and where no alternative Data Processor Agreement is in place.’
DATA PROTECTION TERMS
1. DEFINITIONS AND INTERPRETATION
1.1 For the purpose of this Appendix 1, the following terms have the meanings ascribed to them (and are in addition to the definitions at condition 1.1):
“Data Controller”, “Data Processor”, “Data Subject”, “Personal Data” and “Processing” shall have the same meanings as are assigned to those terms in the Data Protection Act 2018 (the “Act”);
“Data Processing Terms” means the terms in this Appendix;
“Personal Data” shall have the meaning ascribed to it in the Act, and includes Special Categories of Personal Data as defined therein;
“Regulations” means the General Data Protection Regulations (EU) 2016/679 and the Privacy and Electronic Communications (EC Directive) Regulations 2003;
“Staff” means any employee, worker or other individual or body corporate as the case may be which MD5 uses or engages to supply, or in relation to, the Services.
2. PARTIES’ ROLES UNDER THE ACT AND APPLICATION OF THESE CONDITIONS
2.1 The parties agree that, in respect of Personal Data which are provided to MD5 by the Client pursuant to the Contract, then, for the purposes of the Data Processing Terms, the Client is deemed to be the Data Controller and MD5 is deemed to be the Data Processor. The Personal Data processed and categories of Data Subject to whom it relates shall be as contained in the documents searched pursuant to the Quotation. The duration of the processing shall be for the duration of the Contract.”
2.2 These Data Processing Terms shall apply to all Personal Data provided by the Client to MD5 under the Contract.
2.3 MD5 shall comply with the Act and Regulations to the extent that they are applicable to the Services provided by MD5.
3. OBLIGATIONS OF THE DATA PROCESSOR
3.1 MD5 shall, in relation to any Personal Data processed in connection with the performance by MD5 of its obligations under the Contract:
3.1.1 process that Personal Data only on the written instructions of the Client unless MD5 is required by the laws of any member of the European Union or by the laws of the European Union applicable to MD5 to process the Personal Data (Applicable Data Processing Laws). Where MD5 is relying on Applicable Data Processing Laws, MD5 shall promptly notify the Client of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit MD5 from so notifying the Client;
3.1.2 ensure that it has in place appropriate technical and organizational measures to protect against unauthorized or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data, appropriate to the harm that might result from the unauthorized or unlawful processing or accidental loss, destruction or damage and the nature of the Personal Data, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting the Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to the Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organizational measures adopted by it);
3.1.3 ensure that all personnel who have access to and/or process the Personal Data are obliged to keep the Personal Data confidential; and
3.1.4 only transfer Personal Data outside of the European Economic Area (EEA) where the following conditions are fulfilled:
220.127.116.11 the Client or MD5 has provided appropriate safeguards in relation to the transfer;
18.104.22.168 the Data Subject (as defined in the Data Protection Legislation) has enforceable rights and effective legal remedies;
22.214.171.124 MD5 complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any of the Personal Data that is transferred; and
126.96.36.199 MD5 complies with reasonable instructions notified to it in advance by the Client with respect to the processing of the Personal Data;
3.1.5 ensure that all its computers and portable electronic devices (including laptops, tablets, smart phones and USB sticks) that will be used for storing, sending and receiving the Personal Data are appropriately protected against unauthorised use by encryption/passwords and appropriate firewalls/anti-virus packages (with regular and frequent updates being applied) and are physically stored securely when not in use;
3.1.6 ensure that Personal Data transported by portable storage media or by telecommunications network shall be fully encrypted or password protected or sent by a secure virtual private network (“VPN”) as appropriate and all such data must be wiped from the storage media used for transporting the data or destroyed such that it cannot be recovered once the data has been transferred to the target system;
3.1.7 ensure that the data centre premises on which Personal Data are stored are ISO27001 compliant and compliant with other appropriate security and audit standards throughout the term of the Contract;
3.1.8 inform the Client immediately upon becoming aware that Personal Data has been used or Processed in a manner which is not expressly permitted by these Data Processing Terms;
3.1.9 inform the Client immediately upon becoming aware of any actual or suspected, threatened or ‘near-miss’ incident of accidental or unlawful destruction or accidental loss, alteration, unauthorised or accidental disclosure of or access to the Personal Data or other data security breach in relation to the Personal Data, or if the Personal Data is lost (temporarily or permanently) or has the potential to be misused in any way.
3.2 Notwithstanding paragraph 3.1 of this Appendix 1, MD5 shall:
3.2.1 inform the Client and their Client within 2 (two) Working Days in the event that MD5 receives a request from a Data Subject seeking to exercise their rights under the Act in relation to the Personal Data and not to respond to the Data Subject other than to acknowledge receipt of the request;
3.2.2 assist the Client and their Client, at the Clients cost, with all Data Subject information requests which may be received from any Data Subject in relation to any Personal Data; or in complying with any obligations relating to security, data protection impact assessments and consulting with supervisory bodies, providing reasonable prior written notice has been given.
3.2.3 allow its data processing facilities, procedures and documentation to be submitted for scrutiny, inspection or audit by the Client and/or their Client in order to ascertain compliance with the terms of these Data Processing Terms within twenty (20) Working Days of such a request from the Client and/or their Client and to provide reasonable information assistance and co-operation to the Client and/or their Client if this right is exercised. In the event that the Client and/or the Client has to come onto premises where the Personal Data is being processed in order to carry out any scrutiny, inspection or audit, the Client and/or their Client shall reimburse any reasonable costs directly incurred by MD5 in permitting the Client and/or their Client to exercise their rights under this paragraph. No Client penetration testing or vulnerability scanning is allowed during any Client or Customer audits as such actions could impact Supplier’s ability to service other clients;
3.2.4 ensure that non-authorised persons are prevented from entering areas of its premises where Personal Data is stored and used. Where this is not possible, all visitors must be escorted at all times.
4. OBLIGATIONS OF THE DATA CONTROLLER
4.1 The Client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to MD5 and its duly authorised sub- contractors (which the Client hereby acknowledges may be located outside of the EEA) for the duration and purposes of the Contract.
4.2 The Client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to MD5 and its duly authorised sub- contractors (which the Client hereby acknowledges may be located outside of the EEA) for the duration and purposes of the Contract
4.3 The Client acknowledges and agrees that details of the Client’s name, address and payment record may be submitted to a credit reference agency for the purpose of MD5 establishing the Client’s commercial credibility and to protect MD5’s business interests. Such credit search results may be retained by MD5 for the duration of the provision of the Services
4.4 The Client consents to MD5 using third-party couriers, postal services, document processing and other subcontractors as third-party processors of the Personal Data under the Contract. MD5 confirms that it has entered or (as the case may be) will enter with the third-party processor a written agreement incorporating terms which are substantially similar to those set out in this condition. As between the Client and MD5, MD5 shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this condition.
4.5 The Client shall indemnify MD5 against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other professional costs and expenses) suffered or incurred by the Supplier arising out of or in connection with the breach of this condition by the Clients, its employees or agents and/or the Data Protection Legislation by the Client, its employees or agents.
5. DATA RETENTION POLICY
5.1. MD5 shall not retain data for longer than is absolutely necessary for the effective and professional execution of its duties and this period of time shall not exceed 20 years. Data retention shall be proportionate and in accordance with agreed retention schedules and EU/UK law.
5.2. MD5 may be required to comply with any reasonable data retention guidelines as issued by the Client and/or the Client and as amended from time to time (additional costs may flow to the Client for non-standard retention, such costs to be agreed in writing by the parties). This may require certain data to be identified for retention and made available to the Client in electronic form by MD5 and MD5 shall comply with the same.
5.3 MD5 shall delete or return (at Client’s option) all Personal Data at the end of the provision of Services unless it is required under Union or Member State law to store the Personal Data in which case it shall notify Client of this requirement
APPENDIX 2 INFORMATION SECURITY TERMS
1 On or before the date on which MD5 commences providing the Services, provide a copy of MD5’s information security policy (and such policy shall include as a minimum an information security breach procedure, details of encryption used and security access controls with regards to user credentials used by its staff) to the Client and shall update and maintain and abide by the such policy throughout the term of the Contract and shall provide to the Client updated versions as and when the same are created;
2 Remain throughout the term of the Contract ISO 27001 compliant and shall provide the Services in accordance with such standard at all times;
3 Ensure that all subcontractors involved in the provision of the Services adhere to the terms of these Conditions in respect of the obligations to be performed by them as if they were signatories hereto;
4 Conduct security testing of its information technology systems used to provide the Services (including but not limited to penetration testing and vulnerability scans) at least once each quarter during the term of the Contract and shall provide a copy of the results of such testing promptly upon completion;
5 As at the date on which MD5 commences providing the Services, be registered with the Information Commissioner’s Office as a Data Controller (as defined in Appendix 1) and shall update and maintain such registration throughout the term of the Contract;
6 Ensure that all hardware assets used in or to support the provision of the Services which are in any way connected to the Client’s or the Client’s information technology hardware or network are:
- Listed in an asset register (to be maintained and updated throughout the term of the Contract such updates to occur as a minimum every six months); and
- Virus and malware protected in accordance with good industry practice (to be maintained and updated throughout the term of the Contract, such updates to occur as a minimum quarterly).
MD5-09-DDC.T&C.POL v3.2 21/04/2022