ANNEX II TO THE STANDARD CONTRACTUAL CLAUSES. This Annex forms part of the Clauses and must be completed and signed by the parties and sets forth a description of the technical and organizational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. The data importer implements the following measures: • pseudonymization and encryption of personal data • ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services • ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing • user identification and authorization Measures for the protection of data during transmission • protection of data during storage Measures for ensuring physical security of locations at which personal data are processed Measures for ensuring events logging • ensuring system configuration, including default configuration • internal IT and IT security governance and management Measures for certification/assurance of processes and products • ensuring data minimization • ensuring data quality Measures for ensuring limited data retention • ensuring accountability • allowing data portability and ensuring erasure For transfers to (sub-) processors, also describe the specific technical and organizational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter The measures set forth above are required of sub-processors to the extent, and based upon, the nature of the processing carried out by the particular sub-processor.
ANNEX II TO THE STANDARD CONTRACTUAL CLAUSES. This Annex forms part of the Clauses and has been agreed by the parties by virtue of their signing the DPA. Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached): Reliability of Personnel: To the extent permitted by law, Entrust conducts background checks on all employees before employment, and employees and contractors receive information security training during onboarding as well as on an annual basis. All employees are required to read and sign Entrust’s information security policies. Compliance, audits, and certifications: Entrust, with the full commitment of its senior leadership, strongly believes that the fundamental principle to its success in innovation is its information security strategy. This strategy is based on adherence to enterprise-wide governance, a set of controls and strict compliance with federal, financial, international, and industry regulations and policies. Entrust’s corporate information security management system (ISMS) is ISO 27001 compliant. Additionally, Entrust maintains compliance certifications to various other standards and frameworks, depending on the product, service, and geographic location, including: • ISO 27701 • ISO 9000 • ISO 14000 • PCI CP • PCI SAQ • CAIQ Cloud Security Alliance • Webtrust – CAB Forum • NIST/FISMA • ETSI • Tscheme To ensure that the information security strategy is effective, Entrust enforces information security policies and procedures across its entire organization, as well as all business and technical projects. Governance, Risk and Compliance (GRC), Threat and Vulnerability Management (TVM), Security Architecture, Security Operations Center, Disaster Recovery, Business Continuity and Incident Response are the integral components of this strategy. Incident Response: At an operational level, Entrust has instituted a Security Incident Response Plan to oversee data security events identified or detected by the various technologies used to monitor and alert based on specific thresholds or circumstances. The objectives of the Security Incident Response Plan are to manage and coordinate data security incidents throughout all aspects of the Entrust computing environment regardless of location, product or process, as well as provide opportunities for educating our colleagues on risks and security controls in place. Security Operation Center (SOC): Entrust is committed to protecting...
ANNEX II TO THE STANDARD CONTRACTUAL CLAUSES. Partner shall adhere to Entrust’s Vendor Security Addendum as set forth at xxxxx://xxx.xxxxxxx.xxx/legal-compliance/security.
ANNEX II TO THE STANDARD CONTRACTUAL CLAUSES. Technical and Organizational Measures Including Technical and Organizational Measures to Ensure the Security of the Data. Technical and organizational security measures in RSA’s compliance programs include the following:
ANNEX II TO THE STANDARD CONTRACTUAL CLAUSES. This Appendix forms part of the Clauses and must be completed and signed by the parties. Description of the technical and organizational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Measures of pseudonymization and encryption of personal data Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing Measures for user identification and authorization Measures for the protection of data during transmission Measures for the protection of data during storage Measures for ensuring physical security of locations at which personal data are processed Measures for ensuring events logging Measures for ensuring system configuration, including default configuration Measures for internal IT and IT security governance and management Measures for certification/assurance of processes and products Measures for ensuring data minimization Measures for ensuring data quality Measures for ensuring limited data retention Measures for ensuring accountability Measures for allowing data portability and ensuring erasure] For transfers to (sub-) processors, also describe the specific technical and organizational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub- processor, to the data exporter The measures set forth above are required of sub-processors to the extent, and based upon, the nature of the processing carried out by the particular sub-processor.
ANNEX II TO THE STANDARD CONTRACTUAL CLAUSES. TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
