Access Control to Data Processing Systems. Data Importer implements suitable measures to prevent the data processing systems used for the processing of Personal Data from being used or logically accessed by unauthorized persons, in particular: o User identification and user authentication methods are in place to grant controlled access to the processing system. o Access control and authorizations are defined according to a ‘need to have’ principle. o Data Importer’s internal endpoints used to support the software service are protected to prevent unwanted access to the systems and to avoid infiltration of malicious software. This covers technologies as firewalls, antivirus detection, malware detection, intrusion detection and prevention and others. These technologies will be adjusted to new levels based on the overall development in these areas.
Access Control to Data Processing Systems. Processes to prevent Humanity data processing systems from being used by unauthorized persons, to include:
Access Control to Data Processing Systems. Bugcrowd implements suitable measures to prevent its data processing systems from being used by unauthorized persons. This is accomplished by: • identification of the terminal and/or the terminal user to the Bugcrowd systems; • automatic time-out of user terminal if left idle, identification and password required to reopen; • automatic turn-off of the user ID when several erroneous passwords are entered, log file of events (monitoring of break-in- attempts); • issuing and safeguarding of identification codes; • dedication of individual terminals and/or terminal users, identification characteristics exclusive to specific functions; • staff policies in respect of each staff access rights to personal data (if any), informing staff about their obligations and the consequences of any violations of such obligations, to ensure that staff will only access personal data and resources required to perform their job duties and training of staff on applicable privacy duties and liabilities; • all access to data content is logged, monitored, and tracked; and • use of state of the art encryption technologies.
Access Control to Data Processing Systems. Service Provider agrees that only those persons that are or will be entitled to and/or are authorized to access and/or use Service Provider’s data processing system or the data processing system owned by the third party authorized by ALU on which the Alcatel-Lucent Personal Data may reside from time to time or be processed and/or transferred will only be able to Process the Alcatel-Lucent Personal Data within the scope of this Schedule and the MSA and only to the extent covered by their respective access permission (authorization). Service Provider will use commercially reasonable efforts to implement commercially reasonable and industry acceptable measures to prevent the unauthorized access, reading, alteration or deletion of any stored Alcatel-Lucent - CONFIDENTIAL Use Pursuant to Alcatel-Lucent Instructions THE COMPANY HAS REQUESTED AN ORDER FROM THE SECURITIES AND EXCHANGE COMMISSION (THE “COMMISSION”) PURSUANT TO RULE 406 OF THE SECURITIES ACT OF 1933, AS AMENDED, GRANTING CONFIDENTIAL TREATMENT TO SELECTED PORTIONS. ACCORDINGLY, THE CONFIDENTIAL PORTIONS HAVE BEEN OMITTED FROM THIS EXHIBIT, AND HAVE BEEN FILED SEPARATELY WITH THE COMMISSION. OMITTED PORTIONS ARE INDICATED IN THIS EXHIBIT WITH “*****”. MASTER SERVICES AGREEMENT SCHEDULE M – NSA COMPLIANCE REQUIREMENTS Alcatel-Lucent Personal Data including, but not limited to, encryption, where applicable and commercially reasonable, industry standard and password protection media. Service Provider shall provide to ALU a current and updated list(s) of the groups of Service Provider’s or its authorized Third Party Vendor’s and Subcontractors’ personnel having access permission to the Service Provider and/or such authorized third party’s systems and/or media on which the Alcatel-Lucent Personal Data resides as well as those having Processing authority to transfer and/or access the Alcatel-Lucent Personal Data.
Access Control to Data Processing Systems. Data importer/sub-processor implements suitable measures to prevent their data processing systems from being used by unauthorized persons, including: • use of adequate encryption technologies; • all access to data content is logged, monitored, and tracked • role-based access controls with 2 factor authentication, including:
Access Control to Data Processing Systems. To prevent data processing systems from being used without authorization (system access control), the following controls may be applied:
Access Control to Data Processing Systems. 1.3. Access Control to Use Specific Areas of Data Processing Systems
Access Control to Data Processing Systems. Subcontractor implements suitable measures to prevent its data processing systems from being used or logically accessed by unauthorized persons. This is accomplished by:
Access Control to Data Processing Systems. TestMonitor will implement suitable measures to prevent its data processing systems from being used by unauthorized persons. This will be accomplished by: • identification and password required; SSO; 2FA • identification of the terminal user to the data importers systems. • automatic time-out user ID when several erroneous passwords are entered.
Access Control to Data Processing Systems. Crowdin will implement suitable measures to prevent its data processing systems from being used by unauthorized persons. This will be accomplished by: ● identification of the terminal user to the data importers systems; ● automatic time-out of user terminal if left idle, identification and password required to reopen; ● automatic turn-off of the user ID when several erroneous passwords are entered, log file of events, (monitoring of break-in-attempts);
