Organizational Measures. (a) Employees Employees follow a security awareness training program on a yearly basis, including detection of social engineering, phishing, password management etc. They are required to apply a strong password policy and to use a password manager to limit password reuse. Multi-factor authentication is required whenever possible, including on the tools that Reveal develops to operate the service.
Organizational Measures. 2.1 Security plan and document
Organizational Measures. The implementation and operational effectiveness of all below controls are mandatory. The below organizational measures are derived from Our Third-Party Information Security Risk requirements, which align to leading industry standards. Control Title Control Description Reference to Industry Standard Implemented? (Yes/No)
Organizational Measures. A. Information Security Governance Data importer has established a personnel structure for information security governance, including but not limited to, a designated employee with overall responsibility for information security government (e.g., a chief information security officer) and other personnel with assigned roles and responsibilities for information security. Roles and responsibilities have been formally defined for all members of the information security team and have been documented.
Organizational Measures a. IT security policy Security policies are shared with all staff, they are reviewed following incidents and are updated periodically. A policy on the acceptable use of corporate assets and their safekeeping is available.
Organizational Measures. Employee security incident detection: All employees are trained on the detection and report- ing of security breaches (e.g., undetectable computer hardware, anti-virus software mes- sages). • Reporting systems: There are technical procedures in place that enable employees to report anomalies and anomalies in technical systems to the responsible persons.
Organizational Measures a. Update the Exporter’s register of international transfers in order to identify all cross-border data flows, reviewing the appropriate safeguards adopted in each case.
Organizational Measures. Clear responsibilities: Internal responsibilities for data security issues are defined. • Confidentiality requirements of employees: Employees are obliged to maintain secrecy be- yond the duration of their employment. In particular, employees may only transfer personal data to third parties upon the express instruction of a supervisor. • Training and information activities: Employees are trained on data security issues (internally or externally) and adequately informed about data security issues (such as password secu- rity). • Orderly termination of employment relationships: Upon termination of an employment rela- tionship, all accounts of the leaving employee are immediately blocked for that employee and all keys of the leaving employee are collected. • Management of computer hardware: Records are kept on the distribution of end devices to specific employees (e.g., PC, laptop, mobile phone). • Input control: Control procedures are implemented to control the accuracy of personal data. • No duplicates of user accounts: Each person should have their own user account — the shar- ing of user accounts is prohibited.
Organizational Measures. 1.1. Submittable has appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures.
Organizational Measures. With regard to organizational protection the Data Importer undertakes to apply at least the following measures: Security Management · The security measures set forth in Exhibit F (Security) and Exhibit D (HIPAA and GLBA – Business Associate Agreement) to the Agreement to which these Standard Contractual Clauses are attached. Personnel Security (Human Resources Security) · The security measures set forth in Exhibit F (Security) and Exhibit G (Background Investigations) D.