Organizational Measures Sample Clauses
Organizational Measures. (a) Employees
Employees follow a security awareness training program on a yearly basis, including detection of social engineering, phishing, password management, etc. They are required to apply a strong password policy and to use a password manager to limit password reuse. Multi-factor authentication is required whenever possible, including on the tools that Reveal develops to operate the service.
(b) Securing Devices
Organizational Measures. 2.1 Security plan and document
(a) The measures adopted to comply with these security requirements shall be the subject of the Company’s Information Security Policies and set out in a security portal, which shall be kept up to date, and revised whenever relevant changes are made to the information system(s) or to technical or organizational measures.
(b) The Information Security Policies shall address:
(i) Security measures relating to the modification and maintenance of the system(s) used to Process Data, including development and maintenance of applications, appropriate vendor support and an inventory of hardware and software;
(ii) Physical security, including security of the buildings or premises where Data Processing occurs, security of data equipment and telecommunication infrastructure and environmental controls; and
(iii) Security of computers and telecommunication systems including procedures for managing back-up copies, procedures dealing with computer viruses, procedures for managing signal/codes, security for software implementation, security related to databases, security for connecting systems to the Internet, inspection of circumvention of data system(s), mechanisms for keeping account of attempts to break system security or gain unauthorized access.
(c) The security plan shall include all Dynatrace policies, as updated from time to time, including but not limited to:
(i) Code of Business Conduct and Ethics
(ii) Global Data Protection Policy
(iii) Dynatrace IT Acceptable Use Policy
(iv) System Security Policies:
• Dynatrace Network Access Policy
• Dynatrace Physical Security Policy
• Dynatrace Network Account Password Policy
• Dynatrace Returning of Assets of Terminated Employees Policy
• Dynatrace Security Policy
• Dynatrace Security Awareness Policy
• Dynatrace Vulnerability Management Policy
• Dynatrace Workstation Security Policy
(d) The security plan shall be available to staff who have access to Data and the information systems, and must cover the following aspects at a minimum:
(i) The scope, with a detailed specification of protected resources;
(ii) The measures, standards, procedures, code of conduct rules and norms to guarantee security, including the control, inspection and supervision of the information systems;
(iii) The procedures for reporting, managing and responding to incidents; and
(iv) The procedures for making back-up copies and recovering Data including the member of staff who undertook the Processing activity, the Data ...
Organizational Measures a. IT security policy
b. Security roles and responsibilities
Organizational Measures. The implementation and operational effectiveness of all below controls are mandatory. The below organizational measures are derived from Our Third-Party Information Security Risk requirements, which align to leading industry standards.

| Control Title | Control Description | Reference to Industry Standard | Implemented? (Yes/No) |
|---|---|---|---|
| 3.1.1 Industry Standards | Supplier follows industry standards and laws, regulations, and applicable guidelines. Supplier is certified against (at a minimum) the ISO 27001 standard and has a periodic cycle of internal and external audits to ensure the continued compliance of all applicable security controls. Supplier shall submit a copy of any industry standard accreditation applicable to the products or services it is providing to Trellix (e.g., ISO27001, PCI-DSS or SSAE16/18-SOC 2 audits performed by an independent auditor within the last year) and provide annual updates of the accreditation during the term of the Services Agreement. Supplier shall also inform Trellix of its adherence to data protection certification. | ISO 27001 A.12. | |
| 7.1 Privacy & Protection of Personal Data | Supplier takes measures to ensure protection of Personal Data as required with relevant legislation such as the GDPR. At a minimum, Supplier encrypts data at rest and in transit as required by law, regulation, and applicable guidelines. | ISO 27001 A.18. | |
Organizational Measures.
Privacy and Security Policies: Clear internal guidelines and policy documents that comply with the GDPR and describe how personal data is handled.
Awareness and Employee Training: Regular training and awareness programs on data protection and security practices.
Incident Response and Reporting Procedures: A procedure for reporting data breaches and a response plan for security incidents.
Data Processing Agreements with Third Parties (Subprocessors): Establishing agreements with third parties that have access to data, defining security and privacy requirements.
Documentation and Logs: Detailed documentation of processing activities and maintaining logs to ensure transparency and for audit purposes.
Limitation of Data Storage and Data Minimization: Only collecting, processing, and storing strictly necessary personal data.
Access Restrictions: Implementation of policies that ensure limited access to personal data based on role and necessity within the organization.
Regular Evaluation of Security Measures: Continuous evaluation and adjustment of technical and organizational measures, taking into account new threats and technological developments.
Organizational Measures. Domain Measure
Organizational Measures. We take strict measures to ensure that privacy is upheld and do our best to help our clients do the same with strict privacy features, the ability to turn off all logging and/or anonymize IPs. Only support/developers have access to account users’ information to be able to better support the user, along with fixing issues if they arise. If the EU is the only selected PoPs within an account, all data will flow through our EU locations, without any data being transmitted outside of the EU. The same applies with EU Storage: data stored on our Edge Storage Zones would only be held within the EU and would not be transferred outside, unless configured to do so. We evaluate all companies we work with to make sure they adhere to all GDPR laws and data protection requirements. We keep all raw logs within memory which is removed every 20-30 seconds, so no data is kept past that time.
Organizational Measures. A. Information Security Governance
Organizational Measures.
• Employee security incident detection: All employees are trained on the detection and reporting of security breaches (e.g., undetectable computer hardware, anti-virus software messages).
• Reporting systems: There are technical procedures in place that enable employees to report anomalies and anomalies in technical systems to the responsible persons.
Organizational Measures. With regard to organizational protection the Data Importer undertakes to apply at least the following measures:
· The security measures set forth in Exhibit F (Security) and Exhibit D (HIPAA and GLBA – Business Associate Agreement) to the Agreement to which these Standard Contractual Clauses are attached.
· The security measures set forth in Exhibit F (Security) and Exhibit G (Background Investigations) D.
