Organizational Measures. (a) Employees Employees follow a security awareness training program on a yearly basis, including detection of social engineering, phishing, password management etc. They are required to apply a strong password policy and to use a password manager to limit password reuse. Multi-factor authentication is required whenever possible, including on the tools that Reveal develops to operate the service.
(b) Securing Devices
Organizational Measures. 2.1 Security plan and document
(a) The measures adopted to comply with these security requirements shall be the subject of the Company’s Information Security Policies and set out in a security portal, which shall be kept up to date, and revised whenever relevant changes are made to the information system(s) or to technical or organizational measures.
(b) The Information Security Policies shall address:
(i) Security measures relating to the modification and maintenance of the system(s) used to Process Data, including development and maintenance of applications, appropriate vendor support and an inventory of hardware and software;
(ii) Physical security, including security of the buildings or premises where Data Processing occurs, security of data equipment and telecommunication infrastructure and environmental controls; and
(iii) Security of computers and telecommunication systems including procedures for managing back-up copies, procedures dealing with computer viruses, procedures for managing signal/codes, security for software implementation, security related to databases, security for connecting systems to the Internet, inspection of circumvention of data system(s), mechanisms for keeping account of attempts to break system security or gain unauthorized access.
(c) The security plan shall include all Dynatrace policies, as updated from time to time, including but not limited to:
(i) Code of Business Conduct and Ethics
(ii) Global Data Protection Policy
(iii) Dynatrace IT Acceptable Use Policy
(iv) System Security Policies: • Dynatrace Network Access Policy • Dynatrace Physical Security Policy • Dynatrace Network Account Password Policy • Dynatrace Returning of Assets of Terminated Employees Policy • Dynatrace Security Policy • Dynatrace Security Awareness Policy • Dynatrace Vulnerability Management Policy • Dynatrace Workstation Security Policy
(d) The security plan shall be available to staff who have access to Data and the information systems, and must cover the following aspects at a minimum:
(i) The scope, with a detailed specification of protected resources;
(ii) The measures, standards, procedures, code of conduct rules and norms to guarantee security, including the control, inspection and supervision of the information systems;
(iii) The procedures for reporting, managing and responding to incidents; and
(iv) The procedures for making back-up copies and recovering Data including the member of staff who undertook the Processing activity, the Data ...
Organizational Measures. A. Information Security Governance
Organizational Measures a. IT security policy
b. Security roles and responsibilities
Organizational Measures. We take strict measures to ensure that privacy is upheld and do our best to help our clients do the same with strict privacy features, the ability to turn off all logging and or anonymize IPs. Only support/developers have access to account users’ information to be able to better support the user, along with fixing issues if they arise. If the EU is the only selected PoPs within an account, all data will flow through our EU locations, without any data being transmitted outside of the EU. The same applies with EU Storage, data stored on our Edge Storage Zones would only be held within the EU and would not be transferred outside, unless configured to do so. We evaluate all companies we work with to make sure they adhere to all GDPR laws and data protection requirements. We keep all raw logs within memory which is removed every 20-30 seconds, so no data is kept past that time.
Organizational Measures. The implementation and operational effectiveness of all below controls are mandatory. The below organizational measures are derived from Our Third-Party Information Security Risk requirements, which align to leading industry standards. Control Title Control Description Reference to Industry Standard Implemented? (Yes/No)
3.1.1 Industry Standards Supplier follows industry standards and laws, regulations, and applicable guidelines. Supplier is certified against (at a minimum) the ISO 27001 standard and has a periodic cycle ofinternal and external audits to ensure the continued compliance of all applicable security controls. Supplier shall submit a copy of any industry standard accreditation applicable to theproducts or services it is providing to Trellix (e.g., ISO27001, PCI-DSS or SSAE16/18-SOC 2 audits performed by an independent auditor within the last year) and provide annual updates of the accreditation during the term of the Services Agreement. Supplier shall also inform Trellix of its adherence to data protection certification. ISO 27001 A.12.
7.1 Privacy & Protection of Personal Data Supplier takes measures to ensure protection of Personal Data as required with relevant legislation such as the GDPR. At a minimum, Supplier encrypts data at rest and in transit as required by law, regulation, and applicable guidelines. ISO 27001 A.18.
Organizational Measures. Employee security incident detection: All employees are trained on the detection and report- ing of security breaches (e.g., undetectable computer hardware, anti-virus software mes- sages). • Reporting systems: There are technical procedures in place that enable employees to report anomalies and anomalies in technical systems to the responsible persons.
Organizational Measures. 1) The Participant must follow the Rules for Participation in Lion Heart Utopia – Olympic Cross Triathlon and any other regulations of the Organizer as may be applicable, in addition to the race regulations, the official race program/ race information;
2) In case of non-compliance, the Organizer has the right to exclude the Participant from the Event and/or announce the disqualification as he deems convenient, should the order of the Event or the safety of other Participants of the Event be endangered;
3) In case of according medical indications the medical staff is authorized to exclude a Participant from the race for his own safety and/or to deny him further participation in the Event;
4) If the bib is altered in any manner whatsoever, especially if the promotional logo and race number have been made invisible or unrecognizable or the race timing bracelet and / or GPS device have been lost then the Participant may be excluded from participation in the Event, in any case he will be excluded from the results (disqualification);
5) If the physical or mental condition of the Participant hinders his / her safe further participation in the race the Organizer and/or medical assistants have the right to disqualify the Participant and take him / her out of the race and the official ranking;
6) If the Participant fails to meet the cut-off times between the different stages of the race and / or between the different checkpoints in any given discipline the Organizer has the right to disqualify the Participant and take them out of the race for his / her and the overall safety of all involved.
Organizational Measures. The implementation and operational effectiveness of all below controls are mandatory. The below organizational measures are derived from McAfee’s Third-Party Information Security Risk requirements, which align to leading industry standards.
3.1.1 Industry Standards Supplier follows industry standards and laws, regulations, and applicable guidelines. Supplier is certified against (at a minimum) the ISO 27001 standard and has a periodic cycle of internal and external audits to ensure the ISO 27001 A.12.
7.1 continued compliance of all applicable security controls. Supplier shall submit a copy of any industry standard accreditation applicable to the products or services it is providing to McAfee Enterprise (e.g., ISO27001, PCI-DSS or SSAE16/18-SOC 2 audits performed by an independent auditor within the last year) and provide annual updates of the accreditation during the term of the Agreement. Supplier shall also inform McAfee Enterprise of its adherence to data protection certification. Privacy & Protection of Personal Data Supplier takes measures to ensure protection of Personal Data as required with relevant legislation such as the GDPR. At a minimum, Supplier encrypts data at rest and in transit as required by law, regulation, and applicable guidelines. ISO 27001 A.18.
Organizational Measures. Clear responsibilities: Internal responsibilities for data security issues are defined. • Confidentiality requirements of employees: Employees are obliged to maintain secrecy be- yond the duration of their employment. In particular, employees may only transfer personal data to third parties upon the express instruction of a supervisor. • Training and information activities: Employees are trained on data security issues (internally or externally) and adequately informed about data security issues (such as password secu- rity). • Orderly termination of employment relationships: Upon termination of an employment rela- tionship, all accounts of the leaving employee are immediately blocked for that employee and all keys of the leaving employee are collected. • Management of computer hardware: Records are kept on the distribution of end devices to specific employees (e.g., PC, laptop, mobile phone). • Input control: Control procedures are implemented to control the accuracy of personal data. • No duplicates of user accounts: Each person should have their own user account — the shar- ing of user accounts is prohibited.
