Organizational Measures. The implementation and operational effectiveness of all below controls are mandatory. The below organizational measures are derived from Our Third-Party Information Security Risk requirements, which align to leading industry standards. Control Title Control Description Reference to Industry Standard Implemented? (Yes/No) 3.1.1 Industry Standards Supplier follows industry standards and laws, regulations, and applicable guidelines. Supplier is certified against (at a minimum) the ISO 27001 standard and has a periodic cycle ofinternal and external audits to ensure the continued compliance of all applicable security controls. Supplier shall submit a copy of any industry standard accreditation applicable to theproducts or services it is providing to Trellix (e.g., ISO27001, PCI-DSS or SSAE16/18-SOC 2 audits performed by an independent auditor within the last year) and provide annual updates of the accreditation during the term of the Services Agreement. Supplier shall also inform Trellix of its adherence to data protection certification. ISO 27001 A.12. 7.1 Privacy & Protection of Personal Data Supplier takes measures to ensure protection of Personal Data as required with relevant legislation such as the GDPR. At a minimum, Supplier encrypts data at rest and in transit as required by law, regulation, and applicable guidelines. ISO 27001 A.18.
Appears in 2 contracts
Sources: Data Processing and Security Agreement, Data Processing and Security Agreement