Organization control Sample Clauses
The Organization Control clause establishes the authority and procedures by which an organization manages and directs its internal operations or the conduct of its members. Typically, this clause outlines who holds decision-making power, how policies are enforced, and the mechanisms for oversight within the organization. By clearly defining these controls, the clause ensures effective governance, reduces the risk of unauthorized actions, and maintains organizational order.
Organization control. The Supplier shall take reasonable steps to arrange the internal organization in such a way that it meets the specific requirements of data protection and implement and maintain the following measures:
6.1. Maintain a written information security policy that is approved annually by Supplier management team and published and communicated to all Supplier employees and relevant third parties.
6.2. Maintain a dedicated security and compliance function to design, maintain and operate security in support of its “trust platform” in line with industry standards. This function shall focus on system integrity, risk acceptance, risk analysis and assessment, risk evaluation, risk management and treatment statements of applicability and vendor management.
6.3. Undergo regular independent 3rd party security reviews and provide audit reports such as SSAE16 or ISAE3402.
6.4. Maintain data protection, security awareness and compliance program, procedures and tools which address information security threats and best practices; as well as information security policies, procedures, and controls in place to protect Data.
6.5. Maintain, and provide Avaya access to, upon request, reporting policies, procedures, and tools which provide relevant documentation and reporting on the implementation, effectiveness, and, if necessary, remediation, of the appropriate safeguards related to the processing of Data.
6.6. Maintain a written data classification and handling policy and an inventory of records with classification with physical and electronic location provided.
6.7. Ensure that consequences for policy violations are established, communicated, and acted upon.
Organization control. Laerdal maintains its internal organization in a manner that meets the requirements of data protection and security. This includes: Constantly improving internal data processing policies and procedures, guidelines, work instructions, process descriptions and regulations for programming, testing and release, insofar as they relate to the Personal Data transferred by the customer. ISO27001 Certificate GDPR and other relevant country requirements are adopted for Personal data processing, storing and in transmission
Organization control. The Supplier shall take reasonable steps to arrange the internal organization in such a way that it meets the specific requirements of data protection and implement and maintain the following measures:
6.1. Maintain a written information security policy that is approved annually by Supplier management team and published and communicated to all Supplier employees and relevant third parties.
6.2. Maintain a dedicated security and compliance function to design, maintain and operate security in support of its “trust platform” in line with industry standards. This function shall focus on system integrity, risk acceptance, risk analysis and assessment, risk evaluation, risk management and treatment statements of applicability and vendor management.
6.3. Undergo regular independent 3rd party security reviews and provide audit reports such as SSAE16 or ISAE3402.
Organization control a) An external data protection officer is appointed by the Contractor.
b) The commissioned data protection officer is supported in his work by an internal employee (“Lead-function data protection”).
c) All employees of the Contractor are trained in data protection questions and present data protection concepts at least once per year. Training materials are available in writing and as training videos.
d) For employees of the Contractor, there apply internal guidelines and work instructions on i. handling of personal data in a home office / mobile office,
Organization control a) An external data protection officer is appointed by the Contractor.
b) The commissioned data protection officer is supported in his work by an internal employee (“Lead-function data protection”).
c) All employees of the Contractor are trained in data protection questions and present data protection concepts at least once per year. Training materials are available in writing and as training videos.
d) For employees of the Contractor, there apply internal guidelines and work instructions on
a. handling of personal data in a home office / mobile office,
b. use of the operational Internet access and the operational email accounts,
c. use of private devices for operational activities (Bring your own device).
e) All employees of the Contractor are obligated in writing to confidentiality as regards data protection.
Organization control. 6.1. Avaya will ensure that in case of commissioned data processing, the Personal Data are processed strictly in accordance with the instructions of Customer.
6.2. Customer will provide clear instructions to Avaya regarding the scope of the processing of personal data, and Avaya will adhere to these instructions.
Organization control. Ensuring that the in-house organization meets the special requirements of data protection.