Record of Incidents. There shall be a procedure for notification and management of incidents that affect personal data and a register established for recording the type of incident, the moment it occurred, or if appropriate, was detected, the person making the notification, to whom it was communicated, the effect arising from it and the corrective measures applied. The data importer shall take the measures that guarantee the correct identification and authentication of the users. The data importer shall establish a mechanism that permits the unequivocal and personalized identification of any user who tries to access the information system and the verification of his authorization. The security document shall establish the frequency, which under no circumstances shall be less than yearly, with which the passwords shall be changed. While in force, passwords shall be stored in an unintelligible way.
Appears in 5 contracts
Samples: Data Processing Agreement, Data Processing and Transfer Agreement, Data Processing Agreement
