Access Control to Use Specific Areas of Data Processing Systems. Data Importer implements suitable measures within the applications so that the persons entitled to use the data processing system are only able to access the data within the scope and to the extent covered by its access permission (authorization) and that personal data cannot be read, copied or modified or removed without proper authorization, in particular: o For Data Importer personnel policies are in place and trained related to the access to personal data.
Access Control to Use Specific Areas of Data Processing Systems. Data processor commits that the persons entitled to use its data processing system are only able to access the data within the scope and to the extent covered by its access permission (authorization) and that personal data cannot be read, copied or modified or removed without authorization. This shall be accomplished by: ● staff policies in respect of access rights to the personal data; ● allocation of individual terminals and/or terminal user; ● as far as possible, monitoring capability in respect of individuals who delete, add or modify the personal data and regular update of authorization profiles; ● release of data to only authorized persons; ● policies controlling the retention of backup copies; and ● as far as possible, use of state of the art encryption technologies. Transmission Control Data processor implements suitable measures to prevent the personal data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This is accomplished by: ● use of state-of-the-art firewall and encryption technologies to protect the gateways and pipelines through which the data travels; ● as far as possible, all data transmissions are logged, monitored and tracked. Input Control Data processor implements suitable measures to ensure that it is possible to check and establish whether and by whom personal data have been input into data processing systems or removed. This is accomplished by: ● authentication of the authorized personnel; individual authentication credentials such as user IDs that, once assigned, cannot be re-assigned to another person (including subsequently) ● utilization of user codes (passwords) of at least eight characters or the system maximum permitted number and modification at first use; ● following a policy according to which all staff of Data processor who have access to personal data processed for Customers shall reset their AD passwords at a minimum once per year; ● providing that entries to data processing facilities (the rooms housing the computer hardware and related equipment) are capable of being locked; ● automatic log-off of user ID's (requirement to re-enter password to use the relevant work station) that have not been used for a substantial period of time; and ● electronic recording of entries. Job Control Data processor ensures that personal data may only be processed in accordance with written instructions issued by exporter. This is accomplished ...
Access Control to Use Specific Areas of Data Processing Systems. Measures to ensure that persons entitled to use Humanity data processing systems are only able to access the data within the scope and to the extent covered by their respective access permission (authorization) and that Customer Data cannot be read, copied or modified or removed without authorization, to include by:
Access Control to Use Specific Areas of Data Processing Systems. Bugcrowd commits that the persons entitled to use its data processing system are only able to access the data within the scope and to the extent covered by its access permission (authorization) and that personal data cannot be read, copied or modified or removed without authorization. This shall be accomplished by: • staff policies in respect of each staff member's access rights to the personal data; • allocation of individual terminals and/or terminal user, and identification characteristics exclusive to specific functions; • monitoring capability in respect of individuals who delete, add or modify the personal data and at least yearly monitoring and update of authorization profiles; • release of data to only authorized persons; • policies controlling the retention of backup copies; and • use of state of the art encryption technologies.
Access Control to Use Specific Areas of Data Processing Systems. Service Provider implements suitable measures within the applications so that the persons entitled to use the data processing system are only able to access the data within the scope and to the extent covered by its access permission (authorization) and that personal data cannot be read, copied or modified or removed without proper authorization, in particular: o For Service Provider personnel policies are in place and trained related to the access to personal data.
Access Control to Use Specific Areas of Data Processing Systems. Subcontractor commits that the persons entitled to use its data processing system are only able to access the data within the scope and to the extent covered by its access permission (authorization) and that personal data cannot be read, copied or modified or removed without authorization. This shall be accomplished by:
Access Control to Use Specific Areas of Data Processing Systems. TestMonitor will ensure that the persons entitled to use the TestMonitor data processing systems are only able to access the data within the scope and to the extent covered by their respective access permission (authorization). TestMonitor will ensure that Personal Data cannot be read, copied or modified, or removed without authorization. This will be accomplished by: • ISO27001 certification and training • employee policies and training in respect of each employee’s access rights to the personal data. • effective and measured disciplinary action against individuals who access personal data without authorization. • release of data to only authorized persons. • control of files, controlled and documented destruction of data; and • policies controlling the retention of back-up copies.
Access Control to Use Specific Areas of Data Processing Systems. Commit that the persons entitled to use the data processing system are only able to access the data within the scope and to the extent covered by its access permission (authorization) and that personal data cannot be read, copied, modified or removed without authorization. This shall be accomplished by: - Appropriate access control is maintained to the systems and personal data is highly protected in line with industry standard data classification and treatment policies. Employees who have elevated level of access are required to undertake mandatory information security awareness training. - All users are required to use named accounts and access to systems and data is logged. Transmission Control - Implement suitable measures to prevent the personal data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This is accomplished by: - Personal Data is encrypted during transmission using up to date versions of TLS or other security protocols using strong encryption algorithms and keys or is transferred over private network connectivity. Input Control - Implement suitable measures to ensure that it is possible to check and establish whether and by whom personal data have been input into data processing systems or removed. This is accomplished by: - Utilization of user identification credentials, authentication of the authorized personnel, session time outs etc. Job Control - Ensure that personal data may only be processed lawfully. This is accomplished by: - Adherence to the instructions provided for processing, training of staff to maintain awareness of security and privacy requirements, maintenance of logs and auditing activity.
Access Control to Use Specific Areas of Data Processing Systems. Processor commits that the persons entitled to use its data processing system are only able to access the data within the scope and to the extent covered by its access permission (authorization) and that Personal Data cannot be read, copied or modified or removed without authorization. This shall be accomplished by: ● staff policies and training in respect of each staff member’s access rights to the Personal Data; ● allocation of individual user accounts; ● utilisation of audit trail; ● release of data to only authorized persons; and ● control of files, controlled and documented destruction of data Horn & Co. Final, May 3, 2018 Availability Control Processor implements suitable measures to ensure that Personal Data are protected from accidental destruction or loss. This is accomplished by; ● infrastructure redundancy; and ● data redundancy via data backup; Transmission Control Processor implements suitable measures to prevent the Personal Data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This is accomplished by: ● use of appropriate firewall and encryption technologies; and ● as far as possible, all data transmissions are logged and monitored Input Control Processor implements suitable measures to ensure that it is possible to check and establish whether and by whom Personal Data have been input into data processing systems or removed. This is accomplished by: ● an authorization policy for the input of data, as well as for the reading, alteration and deletion of stored data (role based access management rules); ● authentication of the authorized personnel; ● utilization of user codes (passwords); ● all users who have access to Personal Data shall reset their passwords as specified in the relevant password policy; and ● areas housing the computer hardware and related equipment are capable of being locked.
Access Control to Use Specific Areas of Data Processing Systems. Crowdin will ensure that the persons entitled to use the Crowdin data processing systems are only able to access the data within the scope and to the extent covered by their respective access permission (authorization). Crowdin will ensure that Personal Data cannot be read, copied or modified or removed without authorization. This will be accomplished by: ● employee policies and training in respect of each employee's access rights to the personal data; ● effective and measured disciplinary action against individuals who access personal data without authorization; ● release of data to only authorized persons; ● control of files, controlled and documented destruction of data; and ● policies controlling the retention of back-up copies.
