Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); – Ensure the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data Processing (entry control); – Ensure that Personal Data are Processed solely in accordance with the Instructions (control of instructions); • Ensure that Personal Data are protected against accidental destruction or loss (availability control); and • Ensure that Personal Data collected for different purposes can be processed separately (separation control). These rules are kept up to date and revised whenever relevant changes are made to the information system that uses or houses Personal Data, or to how that system is organized.
Information Security Policies and Standards. The data importer will implement appropriate security requirements for staff and all subcontractors, service providers, or agents who have access to data exporter personal data (“Personal Data”). These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); • Ensure that Personal Data are processed solely in accordance with the data exporter’s instructions (“Instructions”) (control of instructions); and • Ensure that Personal Data are appropriately protected against accidental destruction or loss (availability control). These rules are kept up to date, and revised whenever relevant changes are made to information systems that use, process, transmit or store Personal Data, or to how those systems are organized. Security policies and standards are monitored and maintained on an ongoing basis to ensure compliance.
Information Security Policies and Standards. Magic School will maintain written information security policies, standards and procedures addressing administrative, technical, and physical security controls and procedures. These policies, standards, and procedures shall be kept up to date, and revised whenever relevant changes are made to the information systems that use or store Personal Information.
Information Security Policies and Standards. Supplier must implement security requirements for staff and all subcontractors, suppliers, or agents who have access to Seagate Personal Information that are designed to:
1. Prevent unauthorized persons from gaining access to Seagate Personal Information processing systems (physical access control);
Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); Technická a organizační opatření musí být popsána konkrétně (nikoli obecně). Viz také obecnou poznámku na první stránce dodatku týkající se zejména potřeby jasně uvést, která opatření se vztahují na každé jednorázové nebo souborné předání. Popis technických a organizačních opatření zavedených dovozcem nebo dovozci údajů (včetně veškerých příslušných certifikací) za účelem zajištění vhodné úrovně zabezpečení s přihlédnutím k povaze, rozsahu, kontextu a účelu zpracování a rizikům pro práva a svobody fyzických osob. 1.
Information Security Policies and Standards. BioCatch will implement security requirements for staff and all subprocessors or agents who have access to End User Data that are designed to ensure a level of security appropriate to the risk and address the requirements detailed in these Security Standards. BioCatch will conduct periodic risk assessments and review and, as appropriate, revise its information security practices at least annually or whenever there is a material change in BioCatch’s business practices that may reasonably affect the security, confidentiality or integrity of End User Data, provided that BioCatch will not modify its information security practices in a manner that will intentionally weaken or compromise the confidentiality, availability or integrity of End User Data. BioCatch shall keep written records of such assessments and review.
Information Security Policies and Standards. Cintas will implement security requirements for personnel with access to Personal Information that are designed to ensure a level of security appropriate to the risk and address the requirements detailed in this Schedule. Cintas will conduct periodic risk assessments and, as appropriate, revise its information security practices whenever there is a material change in Cintas’s business practices that may reasonably affect the security, confidentiality, or integrity of Personal Information, provided that Cintas will not modify its information security practices in a manner that will materially weaken Personal Information protection.
Information Security Policies and Standards. Institution will implement security policies and requirements for the data that are designed to: Physical Access Control. Prevent unauthorized persons from gaining access to data processing systems; Data Access Control. Ensure that persons entitled to use a data processing system gain access only to such data as they are entitled to access in accordance with their access rights and that, in the course of processing or use, the data cannot be read, copied, modified or deleted without authorization; Data Transfer Control. Ensure that the data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of data by means of data transmission facilities can be established and verified; Audit Trail. Ensure the establishment of an audit trail to document whether and by whom data have been entered into, modified in, or removed from data processing; Availability Control. Ensure that the data protected against accidental destruction or loss; and Separation Control. Ensure that the data collected for different purposes or from Institution’s other customers can be stored and processed separately with separate access control policies based on clearly defined roles and responsibilities. Institution will conduct periodic review of the above policies and requirements and, as appropriate, revise its information security practices at least annually to ensure appropriate cyber and information security risk management or whenever there is a material change in Institution’s business practices that may reasonably affect the security, confidentiality or integrity of the data, provided that Institution will not modify its information security practices in a manner that will weaken or compromise the confidentiality, availability or integrity of the data.
Information Security Policies and Standards. Processor will implement security requirements for staff and all subcontractors, vendors or agents who have access to Personal Data that are designed to ensure a level of security appropriate to the risk and address the requirements detailed in these Security Standards. Processor will conduct periodic risk assessments and review and, as appropriate, revise its information security practices at least annually or whenever there is a material change in Processor’s business practices that may reasonably affect the security, confidentiality or integrity of Personal Data, provided that Processor will not modify its information security practices in a manner that will weaken or compromise the confidentiality, availability or integrity of Personal Data. Processor shall keep written records of such assessments and reviews. Processor will have in place documents that specify its policies and practices in relation to Personal Data that are accessible to the Data Subject, such as an online privacy policy. The Processor will maintain commercially reasonable security systems at all Processor sites at which an information system that uses or houses Personal Data is located. The Processor reasonably and appropriately restricts access to such Personal Data and has in place practices to prevent unauthorized individuals from gaining access to Personal Data. Processor will maintain records specifying which media are used to store Personal Data. When media are to be disposed of or reused, procedures have been implemented to prevent any subsequent retrieval of any Personal Data stored on the media before they are withdrawn from the inventory. When media are to leave the premises at which the files are located as a result of maintenance operations, procedures have been implemented to prevent undue retrieval of Personal Data stored on them. Processor will implement security policies and procedures to classify sensitive information assets, clarify security responsibilities and promote awareness for employees. All Personal Data security incidents are managed in accordance with appropriate incident response procedures.
Information Security Policies and Standards. Seller has implemented and will maintain written information security policies, standards and procedures that are consistent with Applicable Data Privacy Laws, and that are designed and implemented to:
a. Prevent unauthorized persons from gaining physical access to Personal Data Processing systems (e.g. physical access controls);
b. Designate one or more employees, or competent subcontractors, to coordinate the Information Security Program;
c. Prevent Personal Data Processing systems from being used without authorization (e.g. logical access control);
d. Ensure that employees gain access only to such Personal Data as they are entitled to access and that Personal Data cannot be read, copied, modified or deleted without authorization (e.g. data access controls); and
e. Ensure that all systems that Process Personal Data are the subject of a vulnerability management program that includes regular vulnerability scanning and remediation.
