Security of Data Processing Clause Samples
The Security of Data Processing clause establishes the obligations and standards for protecting data during its processing by a party. It typically requires the implementation of technical and organizational measures to safeguard data against unauthorized access, loss, or breaches, and may specify compliance with relevant data protection laws or industry standards. This clause ensures that sensitive or personal information is handled securely, thereby reducing the risk of data breaches and helping both parties meet legal and contractual data protection requirements.
Security of Data Processing. Lative shall implement and maintain technical and organizational measures for the protection of the security, confidentiality and integrity of Personal Data, including protection against unauthorized or unlawful processing, accidental or unlawful destruction, loss or alteration or damage, and unauthorized disclosure or access, in accordance with the Lative Security Standards and including, as appropriate:
3.8.1 the pseudonymisation and encryption of Customer Data;
3.8.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and Lative Services;
3.8.3 the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
3.8.4 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Lative will not materially decrease the overall security of the Lative Services during an Agreement term.
Security of Data Processing. 5.1 AWS has implemented and will maintain the technical and organisational measures for the AWS Network as described in the AWS Security Standards and this Section. In particular, AWS has implemented and will maintain the following technical and organisational measures:
(a) security of the AWS Network as set out in Section 1.1 of the AWS Security Standards;
(b) physical security of the facilities as set out in Section 1.2 of the AWS Security Standards;
(c) measures to control access rights for AWS employees and contractors in relation to the AWS Network as set out in Section 1.1 of the AWS Security Standards; and
(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures implemented by AWS as described in Section 2 of the AWS Security Standards.
5.2 Customer may elect to implement technical and organisational measures in relation to Customer Data. Such technical and organisational measures include the following which may be obtained by Customer from AWS as described in the Documentation, or directly from a third party supplier:
(a) pseudonymisation and encryption to ensure an appropriate level of security;
(b) measures to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services that are being operated by Customer;
(c) measures to allow Customer to backup and archive appropriately in order to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and
(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures implemented by Customer.
Security of Data Processing. MicroStrategy has implemented and will maintain appropriate technical and organizational measures, including, as appropriate,
a) security of the MicroStrategy network;
b) physical security of the facilities;
c) measures to control access rights for MicroStrategy employees and contractors in relation to the MicroStrategy network; and
d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by MicroStrategy.
You may elect to implement appropriate technical and organizational measures in relation to Customer Data, directly from our Sub-Processor. Such appropriate technical and organizational measures include:
a) pseudonymisation and encryption to ensure an appropriate level of security;
b) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services provided by you to third parties;
c) measures to allow you to backup and archive appropriately to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and
d) processes for regularly testing, assessing, and evaluating the effectiveness of the technical and organizational measures implemented by you.
Security of Data Processing. 5.1 AWS has implemented and will maintain the technical and organizational measures for the AWS Network as described in the Security Standards and this Section. In particular, AWS has implemented and will maintain the following technical and organizational measures:
(a) security of the AWS Network as set out in Section 1.1 of the Security Standards;
(b) physical security of the facilities as set out in Section 1.2 of the Security Standards;
(c) measures to control access rights for authorized personnel to the AWS Network as set out in Section 1.3 of the Security Standards; and
(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by AWS as described in Section 2 of the Security Standards.
5.2 Customer can elect to implement technical and organizational measures to protect Customer Data. Such technical and organizational measures include the following which can be obtained by Customer from AWS as described in the Documentation, or directly from a third-party supplier:
(a) pseudonymization and encryption to ensure an appropriate level of security;
(b) measures to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services that are operated by Customer; measures to allow Customer to backup and archive appropriately in order to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and
(c) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by Customer.
Security of Data Processing. 8.1. Scaleway undertakes to implement appropriate technical and organizational measures to guarantee the security of Personal Data, notably to protect them from a security breach leading, accidentally or unlawfully, to destruction, loss, alteration, disclosure or unauthorized access (hereinafter the “Personal Data Breach”), in particular by implementing the following measures (more details available on Scaleway’s Website):
8.1.1. Secured critical data storage;
8.1.2. measures to guarantee the confidentiality, integrity, availability and resilience of processing systems and services;
8.1.3. procedure for regular testing, analysis and evaluation of the effectiveness of the technical and organizational measures;
8.1.4. measures to ensure the physical security of places where Personal Data is processed;
8.1.5. measures to ensure event logging;
8.1.6. information systems security management measures;
8.1.7. certification measures;
8.1.8. user authentication;
8.1.9. measures enabling data to be updated by the Client;
8.1.10. measures ensuring data minimization;
8.1.11. measures to ensure compliance with the principle of data protection by design and by default;
8.1.12. measures ensuring limited data retention;
8.1.13. measures to raise staff awareness regarding security and data protection;
8.1.14. measures allowing the Client to exercise its rights (in particular its right of access, rectification, deletion or even data portability).
8.2. These technical and organizational measures (▇▇▇) are detailed on the dedicated page of the Scaleway website.
8.3. In accordance with article 8.3 of the General Terms and Conditions, the Client is responsible for the risks inherent to the Services and software and must ensure it has implemented adequate Security Measures with regard to such risks (in particular backup measures, retention period, access control policy, encryption of data).
8.4. The Client remains solely responsible for the adequacy of the subscribed Services with the activities it carries out through said Services and with the regulations applicable to these activities. This also includes its Content, to which Scaleway doesn’t access.
Security of Data Processing. MicroStrategy has implemented and will maintain appropriate technical and organizational measures, including, as appropriate:
a) security of the MicroStrategy network;
b) physical security of the facilities;
c) measures to control access rights for MicroStrategy employees and contractors in relation to the MicroStrategy network; and
d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by MicroStrategy.
Security of Data Processing. 7.1. Without derogating from the foregoing, Ermetic has implemented and will maintain the technical and organizational security measures for the User Data as described in Ermetic Security Standards attached as Appendix 2 to this DPA.
Security of Data Processing. The technical and organizational security measures implemented by Coalfire, include, as appropriate, the measures referred to in Article 32(1) of the GDPR.
Security of Data Processing. 4.1. Each Party shall implement and maintain (in accordance with Article 32 of the UK GDPR) appropriate technical and organisational measures, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances and purpose of the processing, as well as the different probability of occurrence and the severity of the risk of the rights and freedoms of the persons concerned in order to ensure a level of protection appropriate to such risk. Such measures will include, but shall not be limited to:
4.1.1. the pseudonymisation and encryption of Personal Data, where appropriate;
4.1.2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of relevant Processing systems and services;
4.1.3. the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident, including a Personal Data Breach;
4.1.4. a process for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures in order to ensure the security of the Processing of Personal Data.
Security of Data Processing. 10.1 Article 32 GDPR stipulates that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the data controller and data processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
10.2 The data controller shall evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks. Depending on their relevance, the measures may include the following:
a. Pseudonymisation and encryption of personal data;
b. the ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
10.3 According to Article 32 GDPR, the data processor shall also – independently from the data controller
10.4 Furthermore, the data processor shall assist the data controller in ensuring compliance with the data controller’s obligations pursuant to Articles 32 GDPR, by inter alia providing the data controller with information concerning the technical and organisational measures already implemented by the data processor pursuant to Article 32 GDPR along with all other information necessary for the data controller to comply with the data controller’s obligation under Article 32 GDPR.
10.5 If subsequently – in the assessment of the data controller – mitigation of the identified risks require further measures to be implemented by the data processor, than those already implemented by the data processor pursuant to Article 32 GDPR, if applicable the data controller shall specify these additional measures to be implemented in Appendix C.
10.6 IRIS Connect’s Security Measures, Controls and Assistance.
