Security of Data a. Each of the parties shall:
Security of Premises 6A.5 The Customer shall be responsible for maintaining the security of the Premises in accordance with its standard security requirements. The Supplier shall comply with all reasonable security requirements of the Customer while on the Premises and shall ensure that the Supplier’s Staff comply with such requirements.
Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
Security Requirements 11.1 The Supplier shall comply, and shall procure the compliance of the Suppliers Personnel, with the Security Policy and the Security Plan and the Supplier shall ensure that the Security Plan produced by the Supplier fully complies with the Security Policy.
Security and Validation Procedures The SC shall apply to the Meter Data of the SC Metered Entities that it represents, the security and validation procedures prescribed by the relevant Local Regulatory Authority. If the relevant Local Regulatory Authority has not prescribed any such procedures, the SC shall apply the procedures set forth in the Metering Protocol of the ISO Tariff. Meter Data submitted by an SC for SC Metered Entities shall conform to these standards unless the ISO has, at its discretion, exempted the SC from these standards.