TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND. ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA XXXXXX XXXXXX.XXX™ PATIENT CARE NETWORK MEASURES Accreditations/Certifications 1. ISO 27001: Abbott and Xxxxxx.xxx is certified with the Information Security Management standard ISO/IEC 27001:2013. The ISO certification recognizes that Xxxxxx.xxx has established processes and standards that maintain the required levels of confidentiality, integrity and availability for customers. A current copy of the ISO certification for Xxxxxx.xxx is available upon request.
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND. ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA EXPLANATORY NOTE: The technical and organisational measures must be described in specific (and not generic) terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. If you have enquiries about the British Council possible measure for this Agreement, then please contact the British Council’s Information Governance & Risk Management Team (XxxxXxxxxxxxxx@xxxxxxxxxxxxxx.xxx) for further guidance - Delete this paragraph before finalising and signing the Agreement [Examples of possible measures: Measures of pseudonymisation and encryption of personal data Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing Measures for user identification and authorisation Measures for the protection of data during transmission Measures for the protection of data during storage Measures for ensuring physical security of locations at which personal data are processed Measures for ensuring events logging Measures for ensuring system configuration, including default configuration Measures for internal IT and IT security governance and management Measures for certification/assurance of processes and products Measures for ensuring data minimisation Measures for ensuring data quality Measures for ensuring limited data retention Measures for ensuring accountability Measures for allowing data portability and ensuring erasure] For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter ………………………..
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND. ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. The technical and organizational measures (including any certifications held by the data importer) as well as the scope and the extent of the assistance required to respond to data subjects’ requests, are described in Attachment 2 the DPA. For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter The technical and organisational measures that the data importer will impose on sub-processors are described in the DPA.
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND. ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND. ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Technical Measures Technical Measures to Ensure Security of Processing
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND. ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons The technical and organizational measures (including end-to-end strong encryption on all data sent to the data importer, and certifications held by cloud service provider for physical and network security) as well as the scope and the extent of the assistance required to respond to data subjects’ requests, are described in the Addendum. For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter. The technical and organisational measures that the data importer will impose on sub- processors are described in the Addendum. ANNEX III
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND. ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA The Airship Security Measures in this Annex describe the technical and organisational measures Airship implemented to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. The Standard Contractual Clauses implemented by European Commission’s Implementing Decision (EU) 2021/914 of 4 June 2021 include the examples of possible technical and organizational measures below with the corresponding Airship Security Measures mapped alongside each example for reference:
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND. ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA runZero is committed to implementing appropriate technical and organizational security measures to meet its obligations. runZero has internally documented policies and controls designed to ensure the security of customer and internal data. These policies refer to all data collected from employees, candidates, users, customers, vendors, or other parties that provide information to us. runZero employees must follow these policies. Contractors, consultants, partners and any other external entities are also covered. Generally, these policies include anyone we collaborate with or who acts on our behalf and may need access to data. To help comply with these policies and controls, we will: • Classify all data and apply appropriate controls for each level • Employ encryption of all customer data in transit and at rest to minimum industry standards • Perform periodic reviews of all our security policies and controls • Schedule annual penetration tests of the platform and remediate appropriately • Perform annualized security training for all runZero employees • Utilize centralized monitoring and logging of all runZero production systems ANNEX III
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND. ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context, and purpose of the processing, and the risks for the rights and freedoms of natural persons. Technical controls in place include: • Data encryption at rest (standard is Self-Encrypting Drives at AES256) • Data encryption in transit as access is using HTTPS and TLS 1.2, connection via HTTP is not permitted. Option is site to site VPN using AES 256. • Backups are encrypted using AES 256 • Access to cryptographic keys is only by authorized eGain data custodians who undertake training and sign additional rules of behavior • Data pattern masking (requirements configured by the Controller) ensures data not required, such as credit cards, are not captured (agents also do not see any masked information); this masking is irreversible. • A customer data protection portal that allows the Customer to meet the obligations of Data Subjects’ rights such as erasure (right to be forgotten) and obtain a copy of the data in an electronic industry-recognized format for portability. • Controller can ensure integrity/accuracy of the personal data using the eGain Services Administration Console • Robust DR/BC and restore capability to ensure that the data is available as required by the Controller (options for Customer on the level required) • Internal and external vulnerability checks on a bi-weekly basis • IPS/IDS in place • Multi-zonal environment with access to only adjacent zones by approved devices on approved ports • Default setting of ‘deny all’ for rules • Access Control lists in place • Option to IP whitelist to known IP address • Internal multifactor authentication in use • Option for Controller to use single sign-on • Technical system segregation (i.e. test and dev are separate to the production environment) • A security information and event management (SIEM) system in place for access and event monitoring and early detection of incidents • Automation or support and maintenance is in place to reduce the requirement for system and data access by employees as much as possible • Erasure of all data at contract termination to NIST 800 88 r1 standards and certificate of destruction supplied Organisational Controls in place include: • Contracted availability requirement between Controller and ...
