Organizational Security Measures. Responsibility – Service Provider shall implement and maintain reasonable measures to assign responsibility for management of information security with respect to implementing the Security Program. This includes hiring staff with reasonable skill and experience. Service Provider will, to the extent permitted by applicable law, conduct or procure background checks for all Service Provider employees who have access to Community Data in the course of performing their job functions.
Organizational Security Measures. 2.1 Delightex's employees sign a non disclosure agreement when being hired and are introduced to the IT security policies and data processing procedures and other relevant information related to the employees' processing of personal data.
2.2 The Company has implemented a procedure that ensures the withdrawal of assets and user rights upon resignation of employees.
Organizational Security Measures. 2.1 Project STEM employees sign a non disclosure agreement when being hired and are introduced to the IT security policies and data processing procedures and other relevant information related to the employees' processing of personal data.
2.2 The Company has implemented a procedure that ensures the withdrawal of assets and user rights upon resignation or termination of employees.
Organizational Security Measures. ▪ The roles and responsibilities in the field of data security are described, staffed and known internally ▪ Implementation of an appropriate information security management system ▪ Security guidelines for the handling of information are defined, adopted by the management and communicated to the employees ▪ Existence of adequate incident management (response to security breaches) ▪ An attack identification and reporting is in place (incident response) ▪ A documented Change Management process for IT systems that process personal data in the context of the present agreement ▪ Information about technical vulnerabilities about the systems and software (assets) used is collected and assessed in terms of impact ▪ Adequate response to identified technical vulnerabilities (e.g. shutdown / separation of services and systems, monitoring, adapting firewalls) ▪ Awareness measures for all users regarding data protection and data security ▪ Training measures or appropriate in-house education in data protection ▪ Classification of all information according to its protection needs (e.g. confidentiality, availability, integrity) ▪ Separation of production systems and development / test systems ▪ Only synthetic data, i.e. no genuine or personal data, is processed in the test and development environment ▪ Prohibition of the storage of personal data in source code (repositories) ▪ Regulations on the mobile / private use of terminal devices (e.g. smartphones, notebooks) by employees have been made ▪ Regular verification of the intended use of information and IT systems (e.g. audits by IT security or data protection officers) ▪ Process for regular review of the effectiveness of all protective measures and, where appropriate, their adaption (PDCA cycle) Please use the following field (free text) for details of additional or other measures you have implemented or if you would like to provide more specific information on the above items: If organizational security measures are not relevant to the services subject to the present agreement, please briefly state the reasons below:
Organizational Security Measures. Firehorse uses the following organizational security measures to preserve the confidentiality of Customer Data: • Confidentiality obligations in employment, contractor and Sub-Processor contracts. • Access controls to the Customer Data in accordance with Section 8 of Part II. • Physical access controls such as locks and security passes.
Organizational Security Measures. 11.1.1 That it has a designated individual who functions as data protection officer.
11.1.2 That it has implemented appropriate data protection policies that provide for organization, physical and technical security measures, taking into account the nature, scope, context, and purposes of the processing, as well as the risks posed to the rights and freedoms of data subject.
11.1.3 That it shall maintain records that sufficiently describe its data processing system and identify the duties and responsibilities of those individuals who will have access to personal data.
11.1.4 That its employees shall operate and hold the Personal Data under strict confidentiality. This obligation shall continue even upon termination of the employee's employment.
Organizational Security Measures. Where appropriate, personal information controllers and personal information processors shall comply with the following guidelines for organizational security: xxx
e. Processing of Personal Data. Any natural or juridical person or other body involved in the processing of personal data shall develop, implement and review:
Organizational Security Measures a. That it has a designated individual who functions as data protection officer.
b. That it has implemented appropriate data protection policies that provide for organization, physical and technical security measures, taking into account the nature, scope, context, and purposes of the processing, as well as the risks posed to the rights and freedoms of data subject.
c. The policies shall provide for documentation, regular review, evaluation, and updating of the privacy and security policies and practices.
Organizational Security Measures. Data protection responsibilities fixed in writing Information security responsibilities fixed in writing Appropriate information security management system in place Appropriate incident management in place (response to security breaches) An attack identification and reporting is in place (incident response) A documented Change Management process for IT systems that process personal data in the context of the present agreement A documented and tested Patch Management for IT systems that process personal data in the Systems and software (assets) that may be affected by technical vulnerabilities are identified (e.g. manufacturer, version, place installed) Availability of possible responses in the event of technical vulnerabilities: o Segregation of the systems affected o Deactivation of the service affected o Amendment of access opportunities, such as via firewalls o Changes to monitoring o Raising users' awareness Classification of information Only synthetic data, i.e. no genuine or personal data, is processed in the test and development environment There are regulations in place governing the use of mobile end devices (e.g. smart phones, notebooks) A process to regularly assess the efficacy of all protection measures and potentially adapt them to ensure secure processing of personal data Please use the following field (free text) for details of additional or other measures you have implemented or if you would like to provide more specific information on the above items: If organizational security measures are not relevant to the services subject to the present agreement, please briefly state the reasons below:
Organizational Security Measures