Has the meaning given to that expression in Section G8.22 (User Security Assessments: General Procedure).
Following the completion of a User Security Assessment, the User Independent Security Assurance
Service Provider shall, in discussion with the User to which the assessment relates, produce a written
report (a “User Security Assessment Report”) which shall:
(a) set out the findings of the User Independent Security Assurance Service Provider on all the matters
within the scope of the User Security Assessment;
(b) in the case of a Full User Security Assessment:
(i) specify any instances of actual or potential non-compliance of the User with its obligations
under Sections G3 to G6 which have been identified by the User Independent Security
Assurance Service Provider; and
(ii) set out the evidence which, in the opinion of the User Independent Security Assurance Service
Provider, establishes each of the instances of actual or potential non-compliance which it has
identified; and
(c) in the case of a Verification User Security Assessment:
(i) specify any material increase in the security risk relating to that User which the User
Independent Security Assurance Service Provider has identified since the last occasion on
which a Full User Security Assessment was carried out in respect of that User; and
(ii) set out the evidence which, in the opinion of the User Independent Security Assurance Service
Provider, establishes the increase in security risk which it has identified.