Common use of Logging Clause in Contracts

Logging. Al network traffic and all server logs are monitored and logged. The following activities are logged in systems, databases and networks: • All access attempts • All searches and • Activities carried out by system administrators and others with special rights • Security incidents including (i) deactivation of logging, (ii) changes to system rights and (iii) failed log-on attempts The Supplier does not work with shared log-ins. Therefore, it will always be possible to identify which employee performed a specific activity. The relevant log files are stored and protected against manipulation and technical errors. The log files are continuously reviewed to ensure normal operation and to examine unintended incidents. All external access to systems and databases where processing of personal data takes places, is filtered through a secure firewall with a restrictive protocol. A port and IP address filtration has been implemented to ensure limited access to ports and specific IP addresses. Anti-virus software and Intrusion Prevention System (IPS) have been installed on all systems and databases where processing of personal data take place, to protect against hostile attacks. The anti- virus software is continuously updated. Protection against XSS and SQL injections is implemented in all services. The internal network of the Supplier can only be accessed by authorized persons.

Logging. Al All network traffic and all server logs are monitored and logged. The following activities are logged in systems, databases and networks: • All access attempts attempts; • All searches and searches; • Activities carried out by system administrators and others with special rights rights; • Security incidents incidents, including (i) deactivation of logging, (ii) changes to system rights rights, and (iii) failed log-on attempts The Supplier does not work operate with shared log-ins. Therefore, it ins so the Supplier will always be possible able to identify which employee performed a specific activity. The relevant log files are stored and protected against manipulation and technical errors. The log files are continuously reviewed to ensure normal operation and to examine unintended incidents. All external access to systems and databases where processing of personal data takes places, place is filtered through a secure firewall with a restrictive protocol. A port The Supplier has implemented port- and IP address filtration has been implemented to ensure limited access to ports and specific IP addresses. Anti-virus Antivirus software and Intrusion Prevention System (IPS) have been is installed on all systems and databases where processing of personal data take takes place, to protect against hostile attacks. The anti- virus antivirus software is continuously updated. Protection against XSS and SQL injections is implemented in all services. The Suppliers internal network of the Supplier can networks are only be accessed by accessible for authorized persons.