Technical and Organisational Measures. (1) Before the commencement of processing, the Supplier shall document the execution of the necessary Technical and Organisational Measures, set out in advance of the awarding of the Order or Contract, specifically with regard to the detailed execution of the contract, and shall present these documented measures to the Client for inspection. Upon acceptance by the Client, the documented measures become the foundation of the contract. Insofar as the inspection/audit by the Client shows the need for amendments, such amendments shall be implemented by mutual agreement.
(2) The Supplier shall establish the security in accordance with Article 28 Paragraph 3 Point c, and Article 32 GDPR in particular in conjunction with Article 5 Paragraph 1, and Paragraph 2 GDPR. The measures to be taken are measures of data security and measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of processing as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 Paragraph 1 GDPR must be taken into account. [Details in Appendix 1]
(3) The Technical and Organisational Measures are subject to technical progress and further development. In this respect, it is permissible for the Supplier to implement alternative adequate measures. In so doing, the security level of the defined measures must not be reduced. Substantial changes must be documented.
Technical and Organisational Measures. 8.1 The information security regime implemented by the Provider shall be compliant with all relevant legislation, and shall conform to recognised Good Industry Practice.
8.2 Appropriate technical, security and organisational measures shall be taken by the Provider to safeguard against accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to, Personal Data.
8.3 The Provider shall apply organisational and technical controls such as network and system specific security, physical security, user access privileges, user passwords, including but not limited to the following to ensure that:
8.3.1 irrespective of whether Personal Data is at rest or in transit, the controls deployed are appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction or damage taking account of the nature and sensitivity of Personal Data;
8.3.2 physical measures provide effective protection for information, systems and services from unauthorised access, theft, interference or damage;
8.3.3 procedures are in place to identify and resolve software and system faults and failures, including the identification of malicious software;
8.3.4 access to Personal Data is role based for legitimate business purposes in accordance with the “need to know” principle and that user permissions are controlled and granted and removed in line with job responsibilities;
8.3.5 sufficiently complex password controls are implemented for all authorised personnel with role based access to Personal Data;
8.3.6 passwords, usernames and access codes are not disclosed to any other person (whether employed by the Provider or not) and that all passwords and security codes are kept securely;
8.3.7 remote access to the Providers’ secure network requires two factor authentication (something the user knows and a token they have);
8.3.8 where Personal Data is not stored solely on secure networks:
(i) only portable devices owned and controlled by the Provider are used to transport Personal Data and devices with built- in hard drives, deploy recognised industry standard encryption software;
(ii) only the minimum necessary Personal Data is transported on portable devices or in paper form
(iii) systems are in place to account for the movement of paper documents removed from and returned to the secure environment;
(iv) paper documents are kept secure and returned to the secure environment without delay and are not left in unatte...
Technical and Organisational Measures. The Supplier shall, taking into account the state of technical development and the nature of Processing, implement and maintain appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful Processing, destruction or accidental loss, alteration, or unauthorised disclosure of the Personal Data.
Technical and Organisational Measures. 4.1 The Supplier shall implement and maintain, at its cost and expense, appropriate technical and organisational measures in relation to the processing of Protected Data by the Supplier:
4.1.1 such that the processing will meet the requirements of Data Protection Laws and ensure the protection of the rights of Data Subjects;
4.1.2 so as to ensure a level of security in respect of Protected Data processed by it that is appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed; and
4.1.3 without prejudice to clause 6.1, insofar as is possible, to assist the Charity in the fulfilment of the Charity’s obligations to respond to Data Subject Requests relating to Protected Data.
4.2 Without prejudice to clause 4.1, the Supplier shall, in respect of the Protected Data processed by it under this Agreement comply with the requirements regarding security of processing set out in Data Protection Laws (as applicable to Data Processors), all relevant Charity Policies and this Agreement.
Technical and Organisational Measures. Axis has implemented the technical and organisational measures set out in the Security Annex to ensure a level of security appropriate to the risks for rights and freedoms of natural persons posed by Axis’ processing operations. Data Controller hereby confirms and approves that the measures described in the Security Annex are appropriate for Axis’ processing of personal data under GDPR. Axis shall ensure that only persons that need access to personal data in order to fulfil their work tasks as part of the Services have access to personal data, and that such persons are subject to appropriate confidentiality undertakings.
Technical and Organisational Measures shall implement and maintain, at its cost and expense, the technical and organisational measures:
Technical and Organisational Measures. (1) The Contractor undertakes towards the Customer to comply with the technical and organisational measures required to comply with the applicable data protection regulations. This includes in particular the provisions of Art. 32
Technical and Organisational Measures. 1. Any Processing of Personal Data will take place on data processing systems for which commercially reasonable technical and organizational measures for protecting Personal Data have been implemented. ON24 will maintain reasonable and appropriate technical, physical, and administrative measures to protect Client Personal Data under its possession or control against unauthorized or unlawful Processing or accidental loss, destruction or damage, taking into account the harm that might result from unauthorized or unlawful processing or accidental loss, destruction or damage and the sensitivity of the Client Personal Data.
2. Security measures will be designedto:
(a) deny unauthorized persons access to data-processing equipment used for processing Personal Data (equipment access control);
(b) prevent the unauthorized reading, copying, modification or removal of media (data media control);
(c) prevent the unauthorized input of Personal Data and the unauthorized inspection, modification or deletion of stored Personal Data (storage control);
(d) prevent the use of automated data-processing systems by unauthorized persons using data communication equipment (user control);
(e) provide that persons authorized to use an automated data-processing system only have access to the Personal Data covered by their access authorization (data access control);
(f) enable ON24 to verify and establish to which individuals Client Personal Data have been or may be transmitted or made available using data communication equipment (communication control);
(g) enable identification of which Client Personal Data have been put into automated data-processing systems and when and by whom the input was made (input control);
(h) prevent the unauthorized reading, copying, modification or deletion of Client Personal Data during transfers of those data or during transportation of storage media (transport control);
(i) include commercially reasonable disaster recovery procedures to provide for the continuation of services under the Agreement and backup of Client Personal Data; and
(j) include appropriate technical security solutions are implemented and managed to protect the confidentiality, integrity and availability of Client Personal Data.
3. Where appropriate, data will be encrypted in transmission and at rest, using industry-standard cryptographic techniques and secure management of keys.
4. ON24 will take reasonable steps to ensure the reliability of its employees and other personnel havin...
Technical and Organisational Measures. Data importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Security Documentation applicable to the specific Services purchased by data exporter, and accessible as made reasonably available by data importer. Data Importer will not materially decrease the overall security of the Services during a subscription term. Data Subject Requests shall be handled in accordance with section 3 of the DPA.
Technical and Organisational Measures. 4.1 The Processor must implement and maintain appropriate technical and organisational security measures ("TOMs") in accordance with the Schedule to prevent Personal Data Breaches and to be able to provide the support described in section 5.
4.2 The TOMs are subject to technical progress and further development. The Processor reserves the right to change the security measures taken.
