Basic Contractor Confidentiality Agreement - Free Download | Page 5
4.5, 3255 votes
Please vote for this template if it helps you.
Supplier Code of Practice
1 The following Code of Practice applies where access is obtained to
Cumbria County Council’s personal data/information, as defined within
the Data Protection Act 1998, for the purpose of preventative maintenance,
fault diagnosis, hardware or software testing, repair, upgrade, replacement
or any other related activity.
2 The access referred to in paragraph 1 above may include:-
a. Access to data/information on Cumbria County Council’s premises
b. Access to data/information from a remote site
c. Examination, testing and repair of media (e.g. fixed disc assemblies)
d. Examination of software dumps
e. Processing using Cumbria County Council’s data/information
f. Providing a hosted solution for Cumbria County Council
3 The Supplier must certify that their organisation is registered appropriately
under the Data Protection Act 1998 and legally entitled to undertake the
4 The Supplier must undertake not to transfer or store the personal
data/information out of the UK.
5 The work shall be done only by authorised employees, servants, or agents
of the contractor (except as provided in paragraph 12 below) who are
aware of the requirements of the Data Protection Act 1998 of their
personal responsibilities under the Act to maintain the security of Cumbria
County Council’s personal data/information.
6 While the data/information is in the custody of the contractor it shall be
kept in appropriately secure means.
7 Any data/information sent from one place to another by or for the
contractor shall be carried out be secure means. These places should be
within the suppliers own organisation or an approved sub-contractor.
8 Data/Information which can identify any service user/employee of
Cumbria County Council must only be transferred electronically if
previously agreed by Cumbria County Council. This is essential to ensure
compliance with strict council controls surrounding the electronic transfer
of identifiable personal data/information and hence compliance with the
Data Protection Act 1998 and ISO/EEX 27001. This will also apply to any
direct-dial access to a computer held database by the supplier or their
9 The data/information must not be copied for any other purpose than that
agreed by the supplier and Cumbria County Council.