Data Access Control. Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage. Measures: • As part of the SAP Security Policy, Personal Data requires at least the same protection level as “confidential” information according to the SAP Information Classification standard. • Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfill their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy. • All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and penetration tests on its IT systems. • SAP does not allow the installation of software that has not been approved by SAP. • An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer required.
Data Access Control. Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage.
Data Access Control. As part of the SAP Security Policy, Personal Data requires at least the same protection level as “confidential” information according to the SAP Information Classification standard. • Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfil their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy. • All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and/or penetration tests on its IT systems. • Processes and policies to detect the installation of unapproved software on production systems. • An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer required.
Data Access Control. Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage. 데이터 액세스 제어. 데이터 처리 시스템을 사용할 권한이 있는 사람은 액세스할 권한이 있는 개인 정보에 대한 액세스만 얻으며, 처리, 사용, 저장하는 중에 권한 없이 개인 정보를 읽거나 복사하거나 수정하거나 제거할 수 없습니다. Measures: 조치: • As part of the SAP Security Policy, Personal Data requires at least the same protection level as “confidential” information according to the SAP Information Classification standard. SAP 보안 정책의 일환으로, 개인 정보는 SAP 정보 등급 표준에 따른 "비밀" 정보와 최소 동일한 수준의 보호가 요구됩니다. • Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfill their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy. 개인 정보에 대한 액세스 권한은 알아야 할 필요가 있는 경우에만 부여됩니다. 인력은 업무 완수를 위해 필요한 정보에 대해 액세스 권한을 갖게 됩니다. SAP 는 부여 과정 및 각 계정(사용자 ID)에 대해 배정된 역할을 문서화하는 권한 부여 개념을 사용합니다. 모든 고객 정보는 SAP 보안 정책에 따라 보호됩니다. • All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and penetration tests on its IT systems. 모든 운영 서버는 데이터 센터 또는 안전한 서버실 내에서 가동됩니다. 개인 정보 처리 애플리케이션을 보호하는 보안 조치에 대해 정기 점검이 이루어집니다. 이를 위해 SAP 는 자체 IT 시스템에 대한 내부 및 외부 보안 점검 및 침투 테스트를 수행합니다. • SAP does not allow the installation of software that has not been approved by SAP. SAP 는 SAP 가 승인하지 않은 소프트웨어의 설치를 허용하지 않습니다. • An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer required. SAP 보안 표준은 더 이상 필요하지 않은 데이터 및 데이터 매체를 삭제 또는 파기하는 방법을 규정합니다.
Data Access Control. Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage. 資料存取控制。有權使用資料處理系統之個人將僅對其有權存取之個人資料進行存取,並且在處理、使用、儲存過程中,未經授權不得閱讀、複製、修改或移除個人資料。 Measures: 措施: • As part of the SAP Security Policy, Personal Data requires at least the same protection level as “confidential” information according to the SAP Information Classification standard. 作為 SAP 安全政策之一部分,個人資料之保護程度至少應達 SAP 資訊分級標準規定之「機密」資訊等級。 • Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfill their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy. 在「有知情需要」的基礎上授予個人資料的存取權限。各人員可以存取用於履行職責的必要資訊。SAP 所使用的授權概念會記錄授予程序,及每個帳戶指派的角色 (使用者 ID)。所有客戶資料均按照 SAP 安全政策加以保護。 • All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and penetration tests on its IT systems. 所有生產伺服器皆於資料中心或安全無虞之伺服器機房中運作。保護處理個人資料之應用程式之安全措施接受定 期檢查。有鑑於此,SAP 於其 IT 系統上進行內外部安全檢查和滲透測試。 • SAP does not allow the installation of software that has not been approved by SAP. SAP 不允許安裝未獲 SAP 核准之軟體。 • An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer required. SAP 安全標準可管制如何刪除或銷毀不再需要的資料及資料載體。
Data Access Control. The following measures are implemented to control that persons entitled to use data processing systems gain access only to the Personal Data when they have a right to access, and Personal Data is not read, copied, modified or removed without authorization in the course of processing, use and storage.
Data Access Control. Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage./ Kendali Akses Data. Orang-orang yang berhak untuk menggunakan sistem pemrosesan data memperoleh akses hanya ke Data Pribadi yang berhak mereka akses, dan Data Pribadi tidak dapat dibaca, disalin, dimodifikasi, atau dihapus tanpa pengesahan selama pemrosesan, penggunaan, dan penyimpanan. Measures:/ Tindakan: • As part of the SAP Security Policy, Personal Data requires at least the same protection level as “confidential” information according to the SAP Information Classification standard./ Sebagai bagian dari Kebijakan Keamanan SAP, Data Pribadi mensyaratkan setidaknya tingkat perlindungan yang sama sebagaimana informasi “rahasia” sesuai dengan standar Klasifikasi Informasi SAP. • Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfill their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy./ Akses ke Data Pribadi diberikan seperlunya saja (need-to-know basis). Personel memiliki akses ke informasi yang mereka butuhkan untuk memenuhi tugas mereka. SAP menggunakan konsep pengesahan yang mendokumentasikan proses pemberian dan peran yang ditetapkan per akun (ID pengguna). Seluruh Data Pelanggan dilindungi sesuai dengan Kebijakan Keamanan SAP. • All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and penetration tests on its IT systems./ Semua server produksi dioperasikan pada Pusat Data atau dalam ruang server yang aman. Tindakan keamanan yang melindungi aplikasi yang memproses Data Pribadi diperiksa secara berkala. Untuk mencapai tujuan ini, SAP menjalankan pemeriksaan keamanan internal dan eksternal serta uji penetrasi pada sistem TI-nya. • SAP does not allow the installation of software that has not been approved by SAP./ SAP tidak mengizinkan instalasi perangkat lunak yang belum disetujui oleh SAP. • An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer requi...
Data Access Control. Technical and organisational measures regarding the on-demand structure of the authorisation concept, data access rights and monitoring and recording of the same: Measures regarding data access control are targeted on the basis that only such data can be accessed for which an access authorisation exists and that data cannot be read, copied, changed or deleted in an unauthorised manner during the processing and after the saving of such data. Access to data necessary for the performance of the particular task is ensured within the systems and applications by a corresponding role and authorisation concept. In accordance to the “least privilege” and "need-to-know" principles, each role has only those rights which are necessary for the fulfilment of the task to be performed by the individual person. To maintain data access control, state of the art encryption technology is applied to the Personal Data itself where deemed appropriate to protect sensitive data based on risk.
Data Access Control. Provider applies the controls set out below regarding the access and use of Personal Data:
Data Access Control. The goal of data access control is that employees and authorised third parties can access data only within the framework of their access authorisation. In addition, it should be ensured that Personal Data cannot be read, copied, altered or removed (deleted) without authorisation when it is being handled. This applies to both to data stored in DP systems as well as for that which is on machine-readable data media or on paper.
