5.1  Introduction

(a)  The Service Provider shall provide and document in the Operating Procedures, security controls such that the Authority environment is managed and controlled in accordance with the Authority's Information Security Policy.  

(b)  The Service Provider shall provide Services to the Authority that meet or exceed the requirements of [BS7799 / ISO1779922]

__________________________________________________________________________________
22  Check whether these security standards are appropriate to the services being provided and also whether any additional/alterative standards should be mandated. Consider the cost implications re. security requirements.