Asset Management and Devices (A Sample Clauses

Asset Management and Devices (A. 8 Asset management) The organisation must have a register of the IT resources used for the processing of personal data on behalf of the data controller. This must be maintained by a specific resource, who also reviews and updates the list regularly, at least annually. All devices that are relevant in the handling and/or processing of the data controller’s data, including USB-keys and other mobile devices, must be protected, including hard disk encryp- tion, strong passwords used to protect against unauthorized access to personal data and ac- cess limitation to solely include employees with specific work-related purposes. Passwords must be stored in a hashed form. Login must automatically be blocked after 5 failed login at- tempts to protect against unauthorized access to personal data. If personal information can be processed on data processor’s employee-owned devices (BYOD) the devices must be adequately secured including encryption, forced adequate pass- words and access limitation to employees with specific work-related purposes, e.g., through sandboxing technologies. BYOD policies, guidelines and data protection policies must, upon request, be provided to the data controller – this also includes adopting a Mobile Device Man- agement (MDM) tool to enforce the above. The data processor must ensure control with all assets used to deliver services to the data controller which ensures that all data controller data are securely overwritten using specialised software before hardware decommissioning or reuse for other purposes. External media in use, including USB-keys, tablets, smartphones, etc. must be encrypted and securely erased or destroyed when decommissioned to protect against unauthorised access to personal data. Disks and removable media must be stored and protected against unauthorised access during repair, service and when transported, and must be handled in line with all security require- ments.
AutoNDA by SimpleDocs

Related to Asset Management and Devices (A

  • Asset Management Supplier will: i) maintain an asset inventory of all media and equipment where Accenture Data is stored. Access to such media and equipment will be restricted to authorized Personnel; ii) classify Accenture Data so that it is properly identified and access to it is appropriately restricted; iii) maintain an acceptable use policy with restrictions on printing Accenture Data and procedures for appropriately disposing of printed materials that contain Accenture Data when such data is no longer needed under the Agreement; iv) maintain an appropriate approval process whereby Supplier’s approval is required prior to its Personnel storing Accenture Data on portable devices, remotely accessing Accenture Data, or processing such data outside of Supplier facilities. If remote access is approved, Personnel will use multi-factor authentication, which may include the use of smart cards with certificates, One Time Password (OTP) tokens, and biometrics.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!