Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); – Ensure the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data Processing (entry control); – Ensure that Personal Data are Processed solely in accordance with the Instructions (control of instructions); • Ensure that Personal Data are protected against accidental destruction or loss (availability control); and • Ensure that Personal Data collected for different purposes can be processed separately (separation control). These rules are kept up to date and revised whenever relevant changes are made to the information system that uses or houses Personal Data, or to how that system is organized.
Information Security Policies and Standards. The data importer will implement appropriate security requirements for staff and all subcontractors, service providers, or agents who have access to data exporter personal data (“Personal Data”). These are designed to: Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); Prevent Personal Data processing systems being used without authorization (logical access control); Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); Ensure that Personal Data are processed solely in accordance with the data exporter’s instructions (“Instructions”) (control of instructions); and Ensure that Personal Data are appropriately protected against accidental destruction or loss (availability control). These rules are kept up to date, and revised whenever relevant changes are made to information systems that use, process, transmit or store Personal Data, or to how those systems are organized. Security policies and standards are monitored and maintained on an ongoing basis to ensure compliance.
Information Security Policies and Standards. Magic School will maintain written information security policies, standards and procedures addressing administrative, technical, and physical security controls and procedures. These policies, standards, and procedures shall be kept up to date, and revised whenever relevant changes are made to the information systems that use or store Personal Information.
Information Security Policies and Standards. Supplier must implement security requirements for staff and all subcontractors, suppliers, or agents who have access to Seagate Personal Information that are designed to:
1. Prevent unauthorized persons from gaining access to Seagate Personal Information processing systems (physical access control);
Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); Technická a organizační opatření musí být popsána konkrétně (nikoli obecně). Viz také obecnou poznámku na první stránce dodatku týkající se zejména potřeby jasně uvést, která opatření se vztahují na každé jednorázové nebo souborné předání. Popis technických a organizačních opatření zavedených dovozcem nebo dovozci údajů (včetně veškerých příslušných certifikací) za účelem zajištění vhodné úrovně zabezpečení s přihlédnutím k povaze, rozsahu, kontextu a účelu zpracování a rizikům pro práva a svobody fyzických osob. 1.
Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, PŘÍLOHA II TECHNICKÁ A ORGANIZAČNÍ OPATŘENÍ VČETNĚ TECHNICKÝCH A ORGANIZAČNÍCH OPATŘENÍ K ZAJIŠTĚNÍ ZABEZPEČENÍ ÚDAJŮ VYSVĚTLIVKY: Technická a organizační opatření musí být popsána konkrétně (nikoli obecně). Viz také obecnou poznámku na první stránce dodatku týkající se zejména potřeby jasně uvést, která opatření se vztahují na každé jednorázové nebo souborné předání. Popis technických a organizačních opatření zavedených dovozcem nebo dovozci údajů (včetně veškerých příslušných certifikací) za účelem zajištění vhodné úrovně zabezpečení s přihlédnutím k povaze, rozsahu, kontextu a účelu zpracování a rizikům pro práva a svobody fyzických osob. 1.
Information Security Policies and Standards. Seller has implemented and will maintain written information security policies, standards and procedures that are consistent with Applicable Data Privacy Laws, and that are designed and implemented to:
a. Prevent unauthorized persons from gaining physical access to Personal Data Processing systems (e.g. physical access controls);
b. Designate one or more employees, or competent subcontractors, to coordinate the Information Security Program;
c. Prevent Personal Data Processing systems from being used without authorization (e.g. logical access control);
d. Ensure that employees gain access only to such Personal Data as they are entitled to access and that Personal Data cannot be read, copied, modified or deleted without authorization (e.g. data access controls); and
e. Ensure that all systems that Process Personal Data are the subject of a vulnerability management program that includes regular vulnerability scanning and remediation.
Information Security Policies and Standards. Supplier must implement security requirements for staff and all subcontractors, suppliers, or agents who have access to Seagate Personal Information that are designed to:
(a) Prevent unauthorized persons from gaining access to Seagate Personal Information processing systems (physical access control);
(b) Prevent Seagate Personal Information processing systems being used without authorization (logical access control);
(c) Ensure that persons entitled to use a Seagate Personal Information processing system can only gain access to such Seagate Personal Information as they are entitled to access in accordance with their approved access rights and that, in the course of processing or use and after storage Seagate Personal Information cannot be read, copied, modified or deleted without authorization (data access control);
(d) Ensure that Seagate Personal Information cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Seagate Personal Information by means of data transmission facilities can be established and verified (data transfer control);
(e) Ensure the establishment of an audit trail to document whether and by whom Seagate Personal Information have been entered into, modified in, transferred or removed from Seagate Personal Information processing (entry control);
(f) Ensure that Seagate Personal Information is processed solely in accordance with the instructions (control of instructions);
(g) Ensure that Seagate Personal Information is protected against accidental destruction or loss (availability control); and
(h) Ensure that Seagate Personal Information collected for different purposes can be processed separately (separation control). Supplier will conduct periodic risk assessments and review and, as appropriate, revise its information security practices at least annually or whenever there is a material change in Supplier’s business practices that may reasonably affect the security, confidentiality or integrity of Seagate Personal Information, provided that Supplier will not modify its information security practices in a manner that will weaken or compromise the confidentiality, availability or integrity of Seagate Personal Information.
Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); – Ensure the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data Processing (entry control); veškerých příslušných certifikací) za účelem zajištění vhodné úrovně zabezpečení s přihlédnutím k povaze, rozsahu, kontextu a účelu zpracování a rizikům pro práva a svobody fyzických osob. 1.
Information Security Policies and Standards. Institution will implement security policies and requirements for the data that are designed to: Physical Access Control. Prevent unauthorized persons from gaining access to data processing systems; Data Access Control. Ensure that persons entitled to use a data processing system gain access only to such data as they are entitled to access in accordance with their access rights and that, in the course of processing or use, the data cannot be read, copied, modified or deleted without authorization; Data Transfer Control. Ensure that the data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of data by means of data transmission facilities can be established and verified; Audit Trail. Ensure the establishment of an audit trail to document whether and by whom data have been entered into, modified in, or removed from data processing; Availability Control. Ensure that the data protected against accidental destruction or loss; and Separation Control. Ensure that the data collected for different purposes or from Institution’s other customers can be stored and processed separately with separate access control policies based on clearly defined roles and responsibilities. Institution will conduct periodic review of the above policies and requirements and, as appropriate, revise its information security practices at least annually to ensure appropriate cyber and information security risk management or whenever there is a material change in Institution’s business practices that may reasonably affect the security, confidentiality or integrity of the data, provided that Institution will not modify its information security practices in a manner that will weaken or compromise the confidentiality, availability or integrity of the data.
