Disclosure control. It must be ensured that personal data cannot be read, copied, modified, or removed by unauthorised parties during electronic transmission, during transport or during storage to data carriers and that it can be verified to which locations or sites a transmission of personal data is provided for by means of data transfer. • Documentation of retrieval and transmission processes • Determination of the persons authorised for transmission or transport • Regulations regarding dispatch method and determination of transport route • Use of safe transport containers • Securing of the transmission and transport route • Data encryption • Monitoring of transportation time • Completeness and correctness check (after the transfer) • Use of a VPN
Disclosure control. Technical and organizational measures to ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media (manual or electronic), and that it can be verified to which companies or other legal entities Personal Data are disclosed, include: · Encryption/tunneling; · Logging; and · Transport security.
Disclosure control. 4.1 Aspects of the disclosure of personal data must be controlled: electronic transfer, data transport, transmission control, etc.
Disclosure control. The Service Provider must control all aspects of the disclosure of data: electronic transfer, data transport, transmission control, etc. (i.e. measures to transport, transmit and communicate or store data on data media (manual or electronic) and measures for subsequent checking must be in place).
Disclosure control. Technical (protection when saving and transferring data) Entco will ensure the integrity of Customer Personal Data stored and disclosed within the data processing systems and applications through the use of plausibility checks and/or verification procedures. The confidentiality of Customer Personal Data outside Entco's area of responsibility (for example, third-party networks and radio networks) will be ensured through authentication and/or encryption. Remote access to networks that house Customer's systems and applications will be encrypted and only granted after authentication. Several factors will be associated with particularly sensitive data (for example, password and hardware token). Networks that house Customer's systems and applications will be separated from other networks through the use of proxies, firewalls "with stateful inspection", and a network address translation (NAT). In addition to Secure Socket Layer (SSL) encryption and the use of VPN technology, secure Internet communication will be achieved through the use of firewall systems and continuously updated virus software. Data carriers will be transported in encrypted form only.
Disclosure control. 4.1 Classification of documents in terms of confidentiality, integrity and availability and respective handling
Disclosure control. Vendor will deliver technology and processes designed to minimize access for illegitimate processing. • Workstations will be configured with password protected screensavers.
Disclosure control. No unauthorised reading, copying, changing or removal during electronic transfer or transportation Extract from the measures taken at PTV Planung Transport Verkehr AG: Use of VPNs Encryption of laptop hard drives Input control Identification of whether personal data have been entered in systems, changed or removed and if so, by whom Extract from the measures taken at PTV Planung Transport Verkehr AG: Logging of all input in the central CRM and the other relevant programmes
Disclosure control. Aspects of the disclosure of personal data must be controlled: electronic transfer, data transport, transmission control, etc. Measures to transport, transmit and communicate or store data on data media (manual or electronic) and for subsequent checking: • Encryption/tunneling (VPN = Virtual Private Network) • Logging • Transport security
Disclosure control. This measure ensures that Personal Data is not accessible (for reading, copying, modification or deletion) when being electronically sent over public networks to other parties or stored on other data media, except as necessary for the provision of Services in accordance with the relevant Agreement. A multi-layer security approach depends on maintaining appropriate security measures and procedures at five different levels within the production environment: Perimeter
