|
Mandatory standards

Mandatory standards are usually those voluntary standards that have been tied into a contract to make them a term or warranty of the contract. Typically today, one sees clauses in contracts such as:

4. CERTIFICATION TO ISO 27001

4.1 The Service Provider will provide the Services in accordance with the standard required by ISO 27001 and will use all reasonable endeavours to obtain certification of the Security Architecture to ISO 27001 as soon as reasonably practicable and will maintain such certification for the duration of the Agreement. Subject to paragraph 4.2, if the Service Provider fails to provide the Services as required by this paragraph, the Corporation may treat such failure as a Severity 1 Issue.

4.2 If certain parts of the Security Architecture do not conform to Good Industry Practice as defined in ISO 27001 and, as a result, the Service Provider reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Corporation in its absolute discretion may waive the requirement for certification in respect of the relevant parts. Where the Corporation exercises such discretion, the Corporation may treat the Service Provider's failure to obtain certification of all parts of the Security Architecture as a Severity 2 Issue. Accordingly the Corporation may grant the Authority to Operate for the Pre Go-Live Services Milestone and require the Service Provider to produce a Work-off Plan to remedy the certification failure in accordance with Schedule 3, and the rights and remedies of the Corporation contained in Schedule 3 will apply.

A clause of this kind makes obtaining ISO 27001 certification a contractual requirement. The same approach is often used for standards such as ISO 9000, ISO 14001 and ISO 27001, and there are a number of cases where certification to these standards is a prerequisite for bidding on the contract at all.
Practitioner.Com: An Introduction to Corporate Regulation and Standardization