Security of Data Processing. 5.1 AWS has implemented and will maintain the technical and organisational measures for the AWS Network as described in the AWS Security Standards and this Section. In particular, AWS has implemented and will maintain the following technical and organisational measures:
(a) security of the AWS Network as set out in Section 1.1 of the AWS Security Standards;
(b) physical security of the facilities as set out in Section 1.2 of the AWS Security Standards;
(c) measures to control access rights for AWS employees and contractors in relation to the AWS Network as set out in Section 1.1 of the AWS Security Standards; and
(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures implemented by AWS as described in Section 2 of the AWS Security Standards.
5.2 Customer may elect to implement technical and organisational measures in relation to Customer Data. Such technical and organisational measures include the following which may be obtained by Customer from AWS as described in the Documentation, or directly from a third party supplier:
(a) pseudonymisation and encryption to ensure an appropriate level of security;
(b) measures to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services that are being operated by Customer;
(c) measures to allow Customer to backup and archive appropriately in order to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and
(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures implemented by Customer.
Security of Data Processing. MicroStrategy has implemented and will maintain appropriate technical and organizational measures, including, as appropriate,
a) security of the MicroStrategy network;
b) physical security of the facilities;
c) measures to control access rights for MicroStrategy employees and contractors in relation to the MicroStrategy network; and
d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by MicroStrategy. You may elect to implement appropriate technical and organizational measures in relation to Customer Data, directly from our Sub- Processor. Such appropriate technical and organizational measures include:
a) pseudonymisation and encryption to ensure an appropriate level of security;
b) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services provided by you to third parties;
c) measures to allow you to backup and archive appropriately to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and
d) processes for regularly testing, assessing, and evaluating the effectiveness of the technical and organizational measures implemented by you.
Security of Data Processing. 5.1 AWS has implemented and will maintain the technical and organizational measures for the AWS Network as described in the Security Standards and this Section. In particular, AWS has implemented and will maintain the following technical and organizational measures:
(a) security of the AWS Network as set out in Section 1.1 of the Security Standards;
(b) physical security of the facilities as set out in Section 1.2 of the Security Standards;
(c) measures to control access rights for authorized personnel to the AWS Network as set out in Section 1.3 of the Security Standards; and
(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by AWS as described in Section 2 of the Security Standards.
5.2 Customer can elect to implement technical and organizational measures to protect Customer Data. Such technical and organizational measures include the following which can be obtained by Customer from AWS as described in the Documentation, or directly from a third-party supplier:
(a) pseudonymization and encryption to ensure an appropriate level of security;
(b) measures to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services that are operated by Customer; measures to allow Customer to backup and archive appropriately in order to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and
(c) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by Customer.
Security of Data Processing. Lative shall implement and maintain technical and organizational measures for the protection of the security, confidentiality and integrity of Personal Data, including protection against unauthorized or unlawful processing, accidental or unlawful destruction, loss or alteration or damage, and unauthorized disclosure or access, in accordance with the Lative Security Standards and including, as appropriate:
3.8.1 the pseudonymisation and encryption of Customer Data;
3.8.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and Lative Services;
3.8.3 the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
3.8.4 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Lative will not materially decrease the overall security of the Lative Services during an Agreement term.
Security of Data Processing. 10.1 Article 32 GDPR stipulates that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the data controller and data processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
10.2 The data controller shall evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks. Depending on their relevance, the measures may include the following:
a. Pseudonymisation and encryption of personal data;
b. the ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
10.3 According to Article 32 GDPR, the data processor shall also – independently from the data controller
10.4 Furthermore, the data processor shall assist the data controller in ensuring compliance with the data controller’s obligations pursuant to Articles 32 GDPR, by inter alia providing the data controller with information concerning the technical and organisational measures already implemented by the data processor pursuant to Article 32 GDPR along with all other information necessary for the data controller to comply with the data controller’s obligation under Article 32 GDPR.
10.5 If subsequently – in the assessment of the data controller – mitigation of the identified risks require further measures to be implemented by the data processor, than those already implemented by the data processor pursuant to Article 32 GDPR, if applicable the data controller shall specify these additional measures to be implemented in Appendix C.
10.6 IRIS Connect’s Security Measures, Controls and Assistance.
Security of Data Processing. 4.1. Each Party shall implement and maintain (in accordance with Article 32 of the UK GDPR appropriate technical and organisational measures, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances and purpose of the processing, as well as the different probability of occurrence and the severity of the risk of the rights and freedoms of the persons concerned in order to ensure a level of protection appropriate to such risk. Such measures will include, but shall not be limited to:
4.1.1. the pseudonymisation and encryption of Personal Data, where appropriate;
4.1.2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of relevant Processing systems and services;
4.1.3. the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident, including a Personal Data Breach;
4.1.4. a process for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures in order to ensure the security of the Processing of Personal Data.
Security of Data Processing. 5.1. MBBM VAS has implemented and will maintain the technical and organisational measures for the MBBM VAS Network as described in the MBBM VAS Security Standards and this Section. In particular, MBBM VAS has implemented and will maintain the following technical and organisational measures:
5.1.1. security of the MBBM VAS Network as set out in Section 1.1 of the MBBM VAS Security Standards;
5.1.2. physical security of the facilities as set out in Section 1.2 of the MBBM VAS Security Standards;
5.1.3. measures to control access rights for MBBM VAS employees and contractors to the MBBM VAS Network as set out in Section 1.1 of the MBBM VAS Security Standards; and
5.1.4. processes for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures implemented by MBBM as described in Section 2 of the MBBM VAS Security Standards.
Security of Data Processing. 7.1. Without derogating from the foregoing, Ermetic has implemented and will maintain the technical and organizational security measures for the User Data as described in Ermetic Security Standards attached as Appendix 2 to this DPA.
Security of Data Processing. MicroStrategy has implemented and will maintain appropriate technical and organizational measures, including, as appropriate:
a) security of the MicroStrategy network;
b) physical security of the facilities;
c) measures to control access rights for MicroStrategy employees and contractors in relation to the MicroStrategy network; and
d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by MicroStrategy.
Security of Data Processing. 6.1. ZEIT has implemented and will maintain appropriate technical and organizational measures for the ZEIT Network as described in this Section. In particular, ZEIT has implemented and will maintain the following technical and organizational measures:
a. security of the ZEIT Network as set out in the ZEIT Security Standards;
b. physical security of the facilities as set out in the ZEIT Security Standards;
c. measures to control access rights for ZEIT employees and contractors in relation to the ZEIT Network as set out in the ZEIT Security Standards; and
d. processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by ZEIT as described in the ZEIT Security Standards.
6.2. Customer may elect to implement technical and organizational measures in relation to Customer Data. Such technical and organizational measures include the following which may be obtained by Customer from ZEIT, or directly from a third party supplier:
a. pseudonymization and encryption to ensure an appropriate level of security;
b. measures to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services that are being operated by Customer;
c. measures to allow Customer to backup and archive appropriately in order to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and
d. processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by Customer.