TECHNICAL AND ORGANIZATION SECURITY MEASURES Sample Clauses

TECHNICAL AND ORGANIZATION SECURITY MEASURES. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to company name controller Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk. In assessing the appropriate level of security, the Processor shall take account in particular of the risks that are presented by processing, in particular from a Personal Data Breach. The Processor shall take appropriate technical and organizational security measures to protect Personal Data against accidental loss or damage and unauthorized access, use, disclosure, alteration or destruction and to ensure the confidentiality, security, integrity, and availability of Personal Data. Measures to be undertaken by the Processor shall include: The measures to securely dispose of Personal Data taking into account available technology so that such information cannot be practicably read or reconstructed Limiting access to Personal Data to Processor personnel: Processor has taken reasonable steps to ensure the reliability of Processor personnel who are granted the minimum access level(s) to the Personal Data that are necessary to carry out their job role in performance of Processor’s obligations; have been trained in the proper handling of Personal Data; are subject to written obligations of confidentiality in respect of Personal Data and only process Personal Data in accordance with the given instructions Implementing logging and auditing techniques for access to the personal data Processor processes on behalf of the company name controller Encryption of all personal Data processed on behalf of the company name controller where such processing takes place using laptops or other electronic portable devices Use of encryption of personal data as appropriate taking into account the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss alteration, unauthorized disclosure of, or access to personal data. The processor must have policies and procedures based on the ISO27001 framework. Processor shall regularly test, assess and evaluate the effectiveness of the technical and organizational security measures Processor has implemented. Upon company name controller written request, Processor shall provide company name ...
Sample 1
AutoNDA by SimpleDocs
TECHNICAL AND ORGANIZATION SECURITY MEASURES. This Appendix describes the technical and organizational security measures and procedures that Trimble shall, as a minimum, maintain to protect the security of personal data created, collected, received, or otherwise obtained. Trimble will keep documentation of technical and organizational measures identified below to facilitate audits and for the conservation of evidence. Trimble will conduct periodic reviews of its security practices and evaluate the adequacy of its measures and reserves the right to modify the standards set forth below. In addition Trimble has been granted the ISO 27001-certificate, that can be found under this link: xxxxx://xxx.xxxxxxxxx.xxx/certificate-directory?certificateNumber=1650760-4 Trimble implements suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the personal data are processed or used. This is accomplished by: - establishing security areas; 24 hours security service provided by property owner; - protection and restriction of access paths; - securing the data processing equipment; - establishing access authorizations for staff and third parties, including the respective documentation; - regulations on card-keys; - restriction on card-keys; - all access to the data centre where personal data are hosted is logged, monitored, and tracked; and - the data centre where personal data are hosted is secured by a security alarm system, and other appropriate security measures. Trimble implements suitable measures to prevent its data processing systems from being used by unauthorized persons. This is accomplished by: - identification of the terminal and/or the terminal user to Trimble systems; - automatic time-out of user terminal if left idle, identification and password required to reopen; - automatic turn-off of the user ID when several erroneous passwords are entered, log file of events (monitoring of break-in-attempts); - issuing and safeguarding of identification codes; - dedication of individual terminals and/or terminal users, identification characteristics exclusive to specific functions; - staff policies in respect of each staff access rights to personal data (if any), informing staff about their obligations and the consequences of any violations of such obligations, to ensure that staff will only access personal data and resources required to perform their job duties and training of staff on applicable privacy duties and liabilities; - all access to data con...
Sample 1
TECHNICAL AND ORGANIZATION SECURITY MEASURES. Introduction
Sample 1
TECHNICAL AND ORGANIZATION SECURITY MEASURES. This Appendix describes the technical and organizational security measures and procedures that the Data Processor shall, as a minimum, maintain to protect the security of personal data created, collected, received, or otherwise obtained. Data Processor will keep documentation of technical and organizational measures identified below to facilitate audits and for the conservation of evidence. All communication with Trimble Quadri occurs over HTTPS, ensuring communication is encrypted. with TLS (SSL). All customer data is stored for high-availability and durability. Data generated within Trimble Xxxxxx is stored in secure databases which are backed-up daily. The Trimble Quadri application security model prevents customer data cross-over and ensures complete customer data segregation and privacy.
Sample 1

Related to TECHNICAL AND ORGANIZATION SECURITY MEASURES

  • Technical and Organizational Measures The following sections define SAP’s current technical and organizational measures. SAP may change these at any time without notice so long as it maintains a comparable or better level of security. Individual measures may be replaced by new measures that serve the same purpose without diminishing the security level protecting Personal Data.

  • Technical and Organisational Measures (1) Before the commencement of processing, the Supplier shall document the execution of the necessary Technical and Organisational Measures, set out in advance of the awarding of the Order or Contract, specifically with regard to the detailed execution of the contract, and shall present these documented measures to the Client for inspection. Upon acceptance by the Client, the documented measures become the foundation of the contract. Insofar as the inspection/audit by the Client shows the need for amendments, such amendments shall be implemented by mutual agreement. (2) The Supplier shall establish the security in accordance with Article 28 Paragraph 3 Point c, and Article 32 GDPR in particular in conjunction with Article 5 Paragraph 1, and Paragraph 2 GDPR. The measures to be taken are measures of data security and measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of processing as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 Paragraph 1 GDPR must be taken into account. [Details in Appendix 1] (3) The Technical and Organisational Measures are subject to technical progress and further development. In this respect, it is permissible for the Supplier to implement alternative adequate measures. In so doing, the security level of the defined measures must not be reduced. Substantial changes must be documented.

  • Security Measures Lessee hereby acknowledges that the rental payable to Lessor hereunder does not include the cost of guard service or other security measures, and that Lessor shall have no obligation whatsoever to provide same. Lessee assumes all responsibility for the protection of the Premises, Lessee, its agents and invitees and their property from the acts of third parties.

  • Certification Regarding Business with Certain Countries and Organizations Pursuant to Subchapter F, Chapter 2252, Texas Government Code, PROVIDER certifies it is not engaged in business with Iran, Sudan, or a foreign terrorist organization. PROVIDER acknowledges this Purchase Order may be terminated if this certification is or becomes inaccurate.

  • Safety Measures Awarded vendor shall take all reasonable precautions for the safety of employees on the worksite, and shall erect and properly maintain all necessary safeguards for protection of workers and the public. Awarded vendor shall post warning signs against all hazards created by the operation and work in progress. Proper precautions shall be taken pursuant to state law and standard practices to protect workers, general public and existing structures from injury or damage.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § 00-00-000 et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.

  • Contractor and Employee Security Precautions The security aspects of working at the Correctional Facility are critical. The following security precautions are part of the site conditions and are a part of this Contract. All persons coming on the site in any way connected with this Work shall be made aware of them, and it is the (General) Contractor’s responsibility to check and enforce them.

  • SERVICE MONITORING, ANALYSES AND ORACLE SOFTWARE 11.1 We continuously monitor the Services to facilitate Oracle’s operation of the Services; to help resolve Your service requests; to detect and address threats to the functionality, security, integrity, and availability of the Services as well as any content, data, or applications in the Services; and to detect and address illegal acts or violations of the Acceptable Use Policy. Oracle monitoring tools do not collect or store any of Your Content residing in the Services, except as needed for such purposes. Oracle does not monitor, and does not address issues with, non-Oracle software provided by You or any of Your Users that is stored in, or run on or through, the Services. Information collected by Oracle monitoring tools (excluding Your Content) may also be used to assist in managing Oracle’s product and service portfolio, to help Oracle address deficiencies in its product and service offerings, and for license management purposes. 11.2 We may (i) compile statistical and other information related to the performance, operation and use of the Services, and (ii) use data from the Services in aggregated form for security and operations management, to create statistical analyses, and for research and development purposes (clauses i and ii are collectively referred to as “Service Analyses”). We may make Service Analyses publicly available; however, Service Analyses will not incorporate Your Content, Personal Data or Confidential Information in a form that could serve to identify You or any individual. We retain all intellectual property rights in Service Analyses. 11.3 We may provide You with the ability to obtain certain Oracle Software (as defined below) for use with the Services. If we provide Oracle Software to You and do not specify separate terms for such software, then such Oracle Software is provided as part of the Services and You have the non-exclusive, worldwide, limited right to use such Oracle Software, subject to the terms of this Agreement and Your order (except for separately licensed elements of the Oracle Software, which separately licensed elements are governed by the applicable separate terms), solely to facilitate Your use of the Services. You may allow Your Users to use the Oracle Software for this purpose, and You are responsible for their compliance with the license terms. Your right to use any Oracle Software will terminate upon the earlier of our notice (by web posting or otherwise) or the end of the Services associated with the Oracle Software. Notwithstanding the foregoing, if Oracle Software is licensed to You under separate terms, then Your use of such software is governed by the separate terms. Your right to use any part of the Oracle Software that is licensed under the separate terms is not restricted in any way by this Agreement.

  • Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means. 2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable). 3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically. 4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!