Common use of Electronic Access Control Clause in Contracts

Electronic Access Control. No unauthorized use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media; The measures of electronic access controls are: • Use of unique IDs for all employees • Password policy defining password complexity requirements • Use of password manager • Enforcement of secure passwords • Multi-factor authentication in identity providers • Automatic blocking (e.g. wrong password, timeout) • Secure deposition of master and administrative passwords of all relevant IT systems • User rights are assigned to unique IDs • Usage of Mobile Device Management • Full-disk encryption of mobile devices and monitored via MDM • Usage of cryptographic methods that are state of the art, e.g., TLSv1.2+ • Data center operations outsourced • Regulation of data organization inclusive logging, reporting of data usage • Usage of data protection bin