System Access Control. Data processing systems used to provide the Cloud Service must be prevented from being used without authorization. Measures: • Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed via defined processes according to the SAP Security Policy • All personnel access SAP’s systems with a unique identifier (user ID). • SAP has procedures in place so that requested authorization changes are implemented only in accordance with the SAP Security Policy (for example, no rights are granted without authorization). In case personnel leaves the company, their access rights are revoked. • SAP has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. In the case of domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver. • The company network is protected from the public network by firewalls. • SAP uses up–to-date antivirus software at access points to the company network (for e-mail accounts), as well as on all file servers and all workstations. • Security patch management is implemented to provide regular and periodic deployment of relevant security updates. Full remote access to SAP’s corporate network and critical infrastructure is protected by strong authentication.
System Access Control. Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed via defined processes according to the SAP Security Policy. • All personnel access SAP’s systems with a unique identifier (user ID). • SAP has policies designed to provide that no rights are granted without authorization and in case personnel leaves the company their access rights are revoked. • SAP has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. In the case of domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver. • The company network is protected from the public network by firewalls. • SAP uses up–to-date antivirus software at access points to the company network (for e-mail accounts), as well as on all file servers and all workstations. • Security patch management processes to deploy relevant security updates on a regular and periodic basis. • Full remote access to SAP’s corporate network and critical infrastructure is protected by authentication.
System Access Control. Data processing systems used to provide the Cloud Service must be prevented from being used without authorization.
System Access Control. Data processing systems used to provide the Cloud Service must be prevented from being used without authorization. // システムアクセス制御 「クラウドサービス」✰提供✰ために使用されるデータ処理システムでは、権限✰ない使用を防止しなければならない。 Measures: // 対策 • Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed via defined processes according to the SAP Security Policy // 機密に関するシステム(「個人データ」✰格納及び処理を行うシステムを含む)に対してアクセス権を付与する際は、複数✰権限付与レベルが用いられる。権限は、「SAP セキ➦リティポリシー」に従った明確なプロセスで管理される。 • All personnel access SAP’s systems with a unique identifier (user ID). // すべて✰職員は、固有✰識別情報(ユーザー ID)を使用して、SAP ✰システムにアクセスする。 • SAP has procedures in place to so that requested authorization changes are implemented only in accordance with the SAP Security Policy (for example, no rights are granted without authorization). In case personnel leaves the company, their access rights are revoked. // SAP では、要請された権限✰変更が、「SAP セキ➦リティポリシー」に従って✰み実行されるようにする手続きが導入されている (たとえば、承認なしにいかなる権利も付与されないなど)。職員が退職する場合、そ✰アクセス権は取り消される。 • SAP has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. In the case of domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver. // SAP では、パスワード✰共有を禁じ、パスワード✰開示に対する対応を定めるとともに、定期的にパスワードを変更しデフォルト✰パスワードは変更することを要求する、パスワードポリシーを定めている。個人専用✰ユーザー ID が、認証✰ために割り当てられる。すべて✰パスワードは定められた最小要件を満たしていなければならず、暗号化された形式で保存される。ドメインパスワードについては、システムにより、6 カ月ごとに、複雑なパスワード✰要件に従ったパスワード✰変更が義務付けられる。各コンピ➦ーターには、パスワードで保護されたスクリーンセーバーが備えられている。 • The company network is protected from the public network by firewalls. // 会社✰ネットワークは、ファイアウォールにより、公共ネットワークから保護されている。 • SAP uses up–to-date antivirus software at access points to the company network (for e-mail accounts), as well as on all file servers and all workstations. // SAP は、会社✰ネットワークに対するアクセスポイント(電子メールアカウント用)に加えて、すべて✰ファイルサーバー及びすべて✰ワークステーションで、最新✰アンチウィルスソフトウェアを使用している。 • Security patch management is implemented to provide regular and periodic deployment of relevant security updates. Full remote access to SAP’s corporate network and critical infrastructure is protected by strong authentication. // 関連するセキ...
System Access Control. Data processing systems used to provide the Cloud Service must be prevented from being used without authorization./ Kendali Akses Sistem. Sistem pemrosesan data yang digunakan untuk menyediakan Layanan Cloud harus dicegah agar tidak digunakan tanpa pengesahan. Measures:/ Tindakan: • Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed via defined processes according to the SAP Security Policy/ Sejumlah tingkat otorisasi digunakan ketika memberikan akses ke sistem-sistem yang sensitif, termasuk ke sistem yang menyimpan dan memproses Data Pribadi. Otorisasi dikelola melalui proses yang ditentukan sesuai dengan Kebijakan Keamanan SAP • All personnel access SAP’s systems with a unique identifier (user ID)./ Semua personel mengakses sistem-sistem SAP dengan identitas unik (ID pengguna). • SAP has procedures in place to so that requested authorization changes are implemented only in accordance with the SAP Security Policy (for example, no rights are granted without authorization). In case personnel leaves the company, their access rights are revoked./ SAP memiliki prosedur untuk memastikan bahwa perubahan pengesahan yang diminta telah diimplementasikan hanya sesuai dengan Kebijakan Keamanan SAP (misalnya, tidak ada hak yang diberikan tanpa pengesahan). Apabila personel berhenti bekerja pada perusahaan, hak mereka untuk mengakses akan dicabut. • SAP has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. In the case of domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver./ SAP telah menetapkan kebijakan kata sandi yang melarang pembagian kata sandi, mengatur respons terhadap pengungkapan kata sandi, dan meminta agar kata sandi diubah secara berkala dan kata sandi standar untuk diubah. ID pengguna yang dipersonalisasikan ditetapkan untuk otentikasi. Semua kata sandi harus memenuhi persyaratan minimum yang ditetapkan dan disimpan dalam formulir terenkripsi. Dalam kasus kata sandi domain, sistem meminta kata sandi untuk diubah setiap enam ...
System Access Control. 5.4 Automated Audit Trail
System Access Control. Data processing systems used to provide the Cloud Service must be prevented from being used without authorization. 시스템 액세스 제어. 클라우드 서비스를 제공하기 위해 사용되는 데이터 처리 시스템은 승인되지 않은 사용이 금지되어야 합니다. Measures: 조치: • Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed via defined processes according to the SAP Security Policy 개인 정보를 저장하고 처리하는 시스템을 포함하여 중요한 시스템의 경우 여러 인증 단계를 사용하여 액세스를 허가합니다. 인증은 SAP 보안 정책에 따라 규정된 과정을 통해 관리됩니다. • All personnel access SAP’s systems with a unique identifier (user ID). 모든 인력은 고유 식별자(사용자 ID)를 이용해 SAP 시스템에 액세스합니다. • SAP has procedures in place to so that requested authorization changes are implemented only in accordance with the SAP Security Policy (for example, no rights are granted without authorization). In case personnel leaves the company, their access rights are revoked. SAP 는 요청된 권한 변경이 SAP 보안 정책에 따라서만 실행되도록 보장하기 위한 절차를 갖추고 있습니다(예: 허가 없이는 어떤 권한도 부여되지 않음). 인력이 퇴직할 경우, 해당 인력의 액세스 권한은 철회됩니다. • SAP has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. In the case of domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver. SAP 는 비밀번호 공유를 금지하고 비밀번호가 공개된 경우 취해야 할 대응책을 명시하고 정기적으로 비밀번호를 변경하도록 규정하며 기본 비밀번호가 달라지는 비밀번호 정책을 수립하고 있습니다. 인증을 위해 개인별 사용자 ID 가 배정됩니다. 모든 비밀번호는 규정된 최소 요건을 충족하고 암호화된 형태로 저장되어야 합니다. 도메인 비밀번호의 경우 복잡한 비밀번호 요건을 충족하는 비밀번호 변경이 시스템에 의해 6 개월마다 강제됩니다. 모든 컴퓨터에서 비밀번호로 보호된 화면 보호기가 작동됩니다. • The company network is protected from the public network by firewalls. 회사 네트워크는 방화벽에 의해 공용 네트워크로부터 보호됩니다. • SAP uses up–to-date antivirus software at access points to the company network (for e-mail accounts), as well as on all file servers and all workstations. SAP 는 회사 네트워크로 진입하는 액세스 지점(이메일 계정)과 모든 파일 서버 및 모든 워크스테이션에 최신 바이러스 차단 소프트웨어를 사용합니다. • Security patch management is implemented to provide regular and periodic deployment of relevant security updates. Full remote access to SAP’s corporate network and critical infrastructure is protected by strong authentication. 보안 패치 관리가 관련 보안 업데이트의 정기적인 배포를 제공하기 위해 시행됩니다. SAP 회사 네트워크 및 ...
System Access Control. The following measures are implemented to protect against the unauthorized access to and use of data processing systems used to provide Services on the Platform:
System Access Control. The following may, among other controls, be applied depending upon the particular Cloud Services ordered: authentication via passwords and/or two-factor authentication, documented authorization processes, documented change management processes, and logging of access on several levels. For Cloud Services hosted @Oracle: (i) log-ins to Cloud Services Environments by Oracle employees and Subprocessors are logged; (ii) logical access to the data centers is restricted and protected by firewall/VLAN; and (iii) intrusion detection systems, centralized logging and alerting, and firewalls are used.
System Access Control. Data processing systems used to provide the Cloud Service must be prevented from being used without authorization. Measures: • Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed via defined processes according to the Qualtrics Security Policy • All personnel access Qualtrics’ systems with a unique identifier (user ID). • Qualtrics has procedures in place so that requested authorization changes are implemented only in accordance with the Qualtrics Security Policy (for example, no rights are granted without authorization). In case personnel leaves the company, their access rights are revoked. • Qualtrics has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. In the case of domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver. • The company network is protected from the public network by firewalls. • Qualtrics uses up–to-date antivirus software at access points to the company network (for e-mail accounts), as well as on all file servers and all workstations. • Security patch management is implemented to provide regular and periodic deployment of relevant security updates. Full remote access to Qualtrics’ corporate network and critical infrastructure is protected by strong authentication.
