TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. EXPLANATORY NOTE:
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter.
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Description of the technical and organizational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
Data Encryption at rest (standard is Self-Encrypting Drives at AES256)
Data Encryption in transit as access is using HTTPS and TLS 1.2, connection via HTTP is not permitted. Option is site to site VPN using AES 256.
Backups are encrypted using AES 256
Access to cryptographic keys is only by authorized eGain data custodians who undertake training and sign additional rules of behavior.
Data Pattern Masking (requirements configured by the controller) ensures data such as credit cards if not required are not captured (agents also do not see any masked information), this is irreversible.
A Customer Data Protection Portal that allows the customer to meet the data subjects’ rights such as erasure (right to be forgotten), copy of the data in an electronic industrial recognized format for portability.
Controller can ensure integrity/accuracy of the personal data using the eGain Services Administration Console
Robust DR/BC and restore capability to ensure that the data is available as required by the controller (options for customer on the level required)
Internal and external vulnerability checks on a bi-weekly basis
IPS/IDS in place
Multi-zonal environment with access to only adjacent zones by approved devices on approved ports
Default setting of ‘deny all’ for rules
Access Control lists in place
Option to IP whitelist to known IP address
Internal multifactor authentication in use
Option for Controller to use single sign on
Technical system segregation (i.e. test and dev are separate to the production environment)
A Security Information and Event Management (SIEM) system in place for access and event monitoring and early detection of incidents
Automation or support and maintenance is in place to reduce the requirement for system and data access by employees as much as possible
Erasure of all data at contract termination to NIST 800 88 r1 standards and certificate of destruction supplied
Organizational Controls in place include:
Contractual clauses in place that meet the data protection requirements between controller / processor including EU Standard Contractual Clauses and Data Protection requirements covering GDPR Article 28 and Article 46 requirement...
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Information Security Program:
1) Data Center and Network Security:
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Surecomp utilizes Amazon Web Services (“Cloud Provider”) and relies to a great extent on the technical security measures adopted by Cloud Provider. In addition to the security measures adopted by Cloud Provider, and to the extent data processing activities occur outside the Cloud provider system, Surecomp has implemented the following technical and organizational measures to ensure the security of Client Personal Data:
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. EXPLANATORY NOTE: The technical and organisational measures must be described in specific (and not generic) terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers. See Exhibit A to the MSA
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. MODULE ONE: Transfer controller to controller
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter. INTERNATIONAL DATA TRANSFER ADDENDUM TO THE EU COMMISSION STANDARD CONTRACTUAL CLAUSES VERSION B1.0, in force 21 March 2022
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Description of the technical and organisational security measures implemented by the processor(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, as well as the risks for the rights and freedoms of natural persons.