Data Entry Control. Technical and organisational measures regarding recording and monitoring of the circumstances of data entry to enable retroactive review. System inputs are recorded in the form of log files therefore it is possible to review retroactively whether and by whom Personal Data was entered, altered or deleted.
Data Entry Control. We provide the possibility to verify the source of the entered data. Based on the stored history and logs, we can check whether and by whom personal data were entered, modified or deleted in the data processing systems.
Data Entry Control. Auditing and recording of the access transactions performed by Supplier’s employees to Company’s data, using log files, in case of processing on the Supplier’s systems.
Data Entry Control. Verification, whether and by whom personal data is entered into a Data Processing System, is changed or deleted, e.g.: Logging, Document Management
A.3.1 Availability Control
Data Entry Control. Objective: Identification whether and by whom personal data is entered, altered or removed in data processing systems Existing / implemented measures: • Order related service contracts • Responsibility rules • Process flow organization • Logging functions (input, change) • Document management system
Data Entry Control. Protection against unauthorised reading, copying, modification or removal within the system is ensured by the following measures. ● Standard authorisation profiles on a "need to know" basis ● Standard process for authorisation assignment ● Logging of accesses ● Secure storage of storage media ● Periodic review of assigned authorisations, especially for administrative user accounts ● Reuse of data media in compliance with data protection requirements ● Disposal of data media no longer required in accordance with data protection requirements ● Separation of internal and guest network ● Automatic logouts ● Clear desk policy (individual lockers) ● Clear-screen policy (sanctions for unlocked screens) ● Standard processes for employee changes/leavings
Data Entry Control. There is a possibility to subsequently review and determine whether and by whom personal data was entered into, altered in, or removed from data processing systems. Each Party has implemented the following input control measures on its systems, which are used for processing the personal data or which enable or convey access to such systems:
1. Creation and audit-proof storage of processing protocols.
2. Securing log files against manipulation.
3. Recording and evaluating unauthorized and failed login attempts.
4. Employees do not work directly at database level, but instead use applications to access the personal data.
Data Entry Control. The Operator implements appropriate measures to monitor whether data have been entered, changed or removed (deleted), and by whom. This is accomplished by: • Documentation of administration activities (user account setup, change management, access and authorisation procedures) • Archiving of password-reset and access requests • System log-files enabled by default • Storage of audit logs for audit trail analysis
Data Entry Control. 5.3.1 For using the Services, personal data is entered by the user. HTTP access logs include the authenticated user for most requests.
Data Entry Control. CT implements appropriate measures to monitor whether data have been entered, changed or removed (deleted), and by whom. This is accomplished by: • Documentation of administration activities (user account setup, change management, access and authorisation procedures) • Archiving of password-reset and access requests • System log-files enabled by default • Storage of audit logs for audit trail analysis
