Information Security Policies and Standards. The data importer will implement appropriate security requirements for staff and all subcontractors, service providers, or agents who have access to data exporter personal data (“Personal Data”). These are designed to: Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); Prevent Personal Data processing systems being used without authorization (logical access control); Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); Ensure that Personal Data are processed solely in accordance with the data exporter’s instructions (“Instructions”) (control of instructions); and Ensure that Personal Data are appropriately protected against accidental destruction or loss (availability control). These rules are kept up to date, and revised whenever relevant changes are made to information systems that use, process, transmit or store Personal Data, or to how those systems are organized. Security policies and standards are monitored and maintained on an ongoing basis to ensure compliance.
Information Security Policies and Standards. Supplier must implement security requirements for staff and all subcontractors, suppliers, or agents who have access to Seagate Personal Information that are designed to:
Information Security Policies and Standards. Magic School will maintain written information security policies, standards and procedures addressing administrative, technical, and physical security controls and procedures. These policies, standards, and procedures shall be kept up to date, and revised whenever relevant changes are made to the information systems that use or store Personal Information.
Information Security Policies and Standards. Institution will implement security policies and requirements for the data that are designed to: • Physical Access Control. Prevent unauthorized persons from gaining access to data processing systems; • Data Access Control. Ensure that persons entitled to use a data processing system gain access only to such data as they are entitled to access in accordance with their access rights and that, in the course of processing or use, the data cannot be read, copied, modified or deleted without authorization; • Data Transfer Control. Ensure that the data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of data by means of data transmission facilities can be established and verified; • Audit Trail. Ensure the establishment of an audit trail to document whether and by whom data have been entered into, modified in, or removed from data processing; • Availability Control. Ensure that the data protected against accidental destruction or loss; and • Separation Control. Ensure that the data collected for different purposes or from Institution’s other customers can be stored and processed separately with separate access control policies based on clearly defined roles and responsibilities. Institution will conduct periodic review of the above policies and requirements and, as appropriate, revise its information security practices at least annually to ensure appropriate cyber and information security risk management or whenever there is a material change in Institution’s business practices that may reasonably affect the security, confidentiality or integrity of the data, provided that Institution will not modify its information security practices in a manner that will weaken or compromise the confidentiality, availability or integrity of the data.
Information Security Policies and Standards. Processor will implement security requirements for staff and all subcontractors, vendors or agents who have access to Personal Data that are designed to ensure a level of security appropriate to the risk and address the requirements detailed in these Security Standards. Processor will conduct periodic risk assessments and review and, as appropriate, revise its information security practices at least annually or whenever there is a material change in Processor’s business practices that may reasonably affect the security, confidentiality or integrity of Personal Data, provided that Processor will not modify its information security practices in a manner that will weaken or compromise the confidentiality, availability or integrity of Personal Data. Processor shall keep written records of such assessments and reviews. Processor will have in place documents that specify its policies and practices in relation to Personal Data that are accessible to the Data Subject, such as an online privacy policy. Physical Security The Processor will maintain commercially reasonable security systems at all Processor sites at which an information system that uses or houses Personal Data is located. The Processor reasonably and appropriately restricts access to such Personal Data and has in place practices to prevent unauthorized individuals from gaining access to Personal Data. Organizational Security Processor will maintain records specifying which media are used to store Personal Data. When media are to be disposed of or reused, procedures have been implemented to prevent any subsequent retrieval of any Personal Data stored on the media before they are withdrawn from the inventory. When media are to leave the premises at which the files are located as a result of maintenance operations, procedures have been implemented to prevent undue retrieval of Personal Data stored on them. Processor will implement security policies and procedures to classify sensitive information assets, clarify security responsibilities and promote awareness for employees. All Personal Data security incidents are managed in accordance with appropriate incident response procedures.
Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); – Ensure the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data Processing (entry control); – Ensure that Personal Data are Processed solely in accordance with the Instructions (control of instructions); • Ensure that Personal Data are protected against accidental destruction or loss (availability control); and • Ensure that Personal Data collected for different purposes can be processed separately (separation control). These rules are kept up to date and revised whenever relevant changes are made to the information system that uses or houses Personal Data, or to how that system is organized. 2. Physical Security The Data Importer will maintain commercially reasonable security systems at all Data Importer sites at which an information system that uses or houses Personal Data is located. The Data Importer reasonably restricts access to such Personal Data appropriately. Physical access control has been implemented for all data centers. Unauthorized access is prohibited through 24x7 onsite staff, biometric scanning and security camera monitoring. Data Centre physical security is audited by an independent firm. Surveillance camera on entry door is installed and security monitoring by building management is implemented. 3. Organizational Security When media are to be disposed of or reused, procedures have been implemented to prevent any subs...
Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); 1. Zásady a standardy zabezpečení údajů Dovozce údajů zavede bezpečnostní požadavky pro zaměstnance a všechny subdodavatele, poskytovatele služeb nebo zástupce, kteří mají přístup k osobním údajům. Ty jsou určeny k: • Zabránění neoprávněným osobám v přístupu k systémům zpracování osobních údajů (kontrola fyzického přístupu); • Zabránění tomu, aby byly systémy zpracování osobních údajů používány bez oprávnění (logická kontrola přístupu); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); – Ensure the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data Processing (entry control); – Ensure that Personal Data are Processed solely in accordance with the Instructions (control of instructions); • Ensure that Personal Data are protected against accidental destruction or loss (availability control); and • Ensure that Personal Data collected for different purposes can be processed separately (separation control). These rules are kept up to date and revised whenever relevant changes are made to the information system that uses or houses Personal Data, or to how that system is organized. • Zajištění toho, aby osoby oprávněné používat systémy zpracování osobních údajů měly přístup pouze k takovým osobním údajům, k nimž mají přístup v souladu s příslušnými přístupovými právy, a aby v průběhu zpracování nebo použití a po uložení nemohly být osobní údaje bez oprávnění čteny, kopírovány, upravovány ani m...
Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or TECHNICKÁ A ORGANIZAČNÍ OPATŘENÍ VČETNĚ TECHNICKÝCH A ORGANIZAČNÍCH OPATŘENÍ K ZAJIŠTĚNÍ ZABEZPEČENÍ ÚDAJŮ VYSVĚTLIVKY: Technická a organizační opatření musí být popsána konkrétně (nikoli obecně). Viz také obecnou poznámku na první stránce dodatku týkající se zejména potřeby jasně uvést, která opatření se vztahují na každé jednorázové nebo souborné předání. Popis technických a organizačních opatření zavedených dovozcem nebo dovozci údajů (včetně veškerých příslušných certifikací) za účelem zajištění vhodné úrovně zabezpečení s přihlédnutím k povaze, rozsahu, kontextu a účelu zpracování a rizikům pro práva a svobody fyzických osob. 1.
Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in C. PRÍSLUŠNÝ DOZORNÝ ORGÁN Uveďte príslušné dozorné orgány podľa doložky 13 Informácie o úrade na ochranu osobných údajov krajiny zdravotníckeho zariadenia sú uvedené na adrese: xxxxx://xxxx.xxxxxx.xx/about- edpb/about-edpb/members_en PRÍLOHA II T ECHNICKÉ A ORGANIZAČNÉ OPATRENIA V RÁTANE TECHNICKÝCH A ORGANIZAČNÝCH O PATRENÍ NA ZAISTENIE BEZPEČNOSTI ÚDAJOV VYSVETLIVKA: Technické a organizačné opatrenia je potrebné opísať v konkrétnych (nie všeobecných) pojmoch. Ďalšie informácie sú uvedené aj vo všeobecnej poznámke na prvej strane dodatku, najmä pokiaľ ide o potrebu jednoznačne uviesť, ktoré opatrenia sa vzťahujú na konkrétny prenos alebo súbor prenosov. Opis technických a organizačných opatrení zavedených dovozcami údajov (vrátane všetkých príslušných certifikácií) na zabezpečenie primeranej úrovne bezpečnosti, so zohľadnením povahy, rozsahu, kontextu a účelu spracovávania, ako aj rizík pre práva a slobody fyzických osôb. 1. Zásady a normy informačnej bezpečnosti Dovozca údajov zavedie bezpečnostné požiadavky pre personál a všetkých subdodávateľov, poskytovateľov služieb alebo zástupcov, ktorí majú prístup k osobným údajom. Tieto sú navrhnuté tak, aby: • zabránili neoprávneným osobám získať prístup do systémov spracovávania osobných údajov (fyzická kontrola prístupu), • zabránili používať systémy spracovávania osobných údajov bez oprávnenia (logická kontrola prístupu), • zaistili, že osoby oprávnené používať systém spracovávania osobných údajov získajú prístup len k tým osobným údajom, ku ktorým sú oprávnené pristupovať so svojimi prístupovými právami, a že v priebehu spracovávania alebo
Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, vendors or agents who have access to Personal Data that are designed to: o Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); o Prevent Personal Data processing systems from being used without authorization (logical access control); o Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); o Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); o Ensure the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in or removed from Personal Data Processing (entry control); o Ensure that Personal Data are Processed solely in accordance with the Instructions of the Data Controller (control of instructions); o Ensure that Personal Data are protected against accidental destruction or loss (availability control); and o Ensure that Personal Data collected for different purposes can be processed separately (separation control).
