Organization control. The Supplier shall take reasonable steps to arrange the internal organization in such a way that it meets the specific requirements of data protection and implement and maintain the following measures: 6.1. Maintain a written information security policy that is approved annually by Supplier management team and published and communicated to all Supplier employees and relevant third parties. 6.2. Maintain a dedicated security and compliance function to design, maintain and operate security in support of its “trust platform” in line with industry standards. This function shall focus on system integrity, risk acceptance, risk analysis and assessment, risk evaluation, risk management and treatment statements of applicability and vendor management. 6.3. Undergo regular independent 3rd party security reviews and provide audit reports such as SSAE16 or ISAE3402.
Appears in 2 contracts
Sources: Technical and Organizational Measures, Technical and Organizational Measures