Data Access Control. The following measures are implemented to control that persons entitled to use data processing systems gain access only to the Personal Data when they have a right to access, and Personal Data is not read, copied, modified or removed without authorization in the course of processing, use and storage. a) User and administrator access to the data center facilities, servers, networking equipment, and host software is based on a role-based access rights model. A unique ID is assigned to ensure proper user-authentication management for users and administrators on all system components. b) The concept of least privilege is employed, allowing only the necessary access for users to accomplish their job function. When user accounts are created, user accounts are created to have minimal access. Access above these least privileges requires appropriate authorization. c) System administrator access privileges are reviewed on regular basis by appropriate personnel. d) Time stamped logging of access to and modification of Personal Data is in place. e) An incident response plan is in place to address the following at time of incident: • Roles, responsibilities, and communication and contact strategies in the event of a compromise. • Specific incident response procedures. • Coverage and responses of all critical system components
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Data Access Control. The following measures are implemented to control that persons entitled to use data processing systems gain access only to the Personal Data when they have a right to access, and Personal Data is not read, copied, modified or removed without authorization in the course of processing, use and storage.
a) User and administrator access to the data center facilities, servers, networking equipment, and host software is based on a role-role based access rights model. A unique ID is assigned to ensure proper user-authentication management for users and administrators on all system components.
b) The concept of least privilege is employed, allowing only the necessary access for users to accomplish their job function. When user accounts are created, user accounts are created to have minimal access. Access above these least privileges requires appropriate authorization.
c) System administrator IT access privileges are reviewed on a regular basis by appropriate personnel.
d) Time stamped logging of access to and modification of Personal Data is in place.
e) An incident response plan is in place to address the following at time of incident: • Roles, responsibilities, and communication and contact strategies in the event of a compromise. • Specific incident response procedures. • Coverage and responses of all critical system components.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Data Access Control. The following measures are implemented to control that persons entitled to use data processing systems gain access only to the Personal Data when they have a right to access, and Personal Data is not read, copied, modified or removed without authorization in the course of processing, use and storage.
a) User and administrator access to the data center facilities, servers, networking equipment, and host software is based on a role-based access rights model. A unique ID is assigned to ensure proper user-authentication management for users and administrators on all system components.
b) The concept of least privilege is employed, allowing only the necessary access for users to accomplish their job function. When user accounts are created, user accounts are created to have minimal access. Access above these least privileges requires appropriate authorization.
c) System administrator IT access privileges are reviewed on a regular basis by appropriate personnel.
d) Time stamped logging of access to and modification of Personal Data is in place.p
e) An incident response plan is in place to address the following at time of incident: • Roles, responsibilities, and communication and contact strategies in the event of a compromise. • Specific incident response procedures. • Coverage and responses of all critical system components
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Data Access Control. The following measures are implemented to control that persons entitled to use data processing systems gain access only to the Personal Data when they have a right to access, and Personal Data is not read, copied, modified or removed without authorization in the course of processing, use and storage.
a) User and administrator access to the data center facilities, servers, networking equipment, and host software is based on a role-role based access rights model. A unique ID is assigned to ensure proper user-authentication management for users and administrators on all system components.
b) The concept of least privilege is employed, allowing only the necessary access for users to accomplish their job function. When user accounts are created, user accounts are created to have minimal access. Access above these least privileges requires appropriate authorization.
c) System administrator IT access privileges are reviewed on a regular basis by appropriate personnel.
d) Time stamped logging of access to and modification of Personal Data is in place.
e) An incident response plan is in place to address the following at time of incident: • Roles, responsibilities, and communication and contact strategies in the event of a compromise. • Specific incident response procedures. • Coverage and responses of all critical system components
Appears in 1 contract
Samples: Data Processing Agreement