TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. EXPLANATORY NOTE: The technical and organisational measures must be described in specific (and not generic) terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. ● Imported subject data (Name and Email) is entered by the Exporter into our system after logging in with an encrypted password. The import process does not require PII to be transmitted. Extent of personal data imported is Name and Email. ● All other personal data is voluntarily added by the subject to their profile. ● Subjects voluntarily choose whether to have their profiles public and until this choice is presented to the subject, the profile is treated as hidden. ● No public connection to our database exists. ● In order to access the database, a secure connection through VPN must be established. ● Users with the ability to access the database are limited in order to minimize the possibility of a data breach. ● All database user accounts have strong, randomized passwords. ● The Data Center is equipped with physical security. ● Processes for erasure and portability exist. ● Defined process for “Right to be Forgotten” Requests exists. ● Accountability is reinforced with GDPR training for all employees ● Braintree (sub-processor) data transfer is encrypted and SAI does not see/store subjects’ personal payment information, i.e., credit card information. ● Hubspot (sub-processor) data transfer is encrypted. PII includes Name and Email, but may also contain other contact information that the subject has voluntarily provided to SAI. ● Comparative Agility (sub-processor) link is provided within an encrypted email. The Comparative Agility site is encrypted as well. ● Xxxx.xxx (sub-processor) data transfer is encrypted. PII is limited to a login token (based on first initial and last name) and Email. ● BadgeCert (sub-processor) data transfer is encrypted. PII is limited to Name, Email, Company (if provided subject), and Title (if provided by subject). ● LearnUpon (sub-processor) has an encrypted connection. Subjects voluntarily sign up for the platform. LearnUpon houses subje...
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Surecomp utilizes Amazon Web Services (“Cloud Provider”) and relies to a great extent on the technical security measures adopted by Cloud Provider. In addition to the security measures adopted by Cloud Provider, and to the extent data processing activities occur outside the Cloud provider system, Surecomp has implemented the following technical and organizational measures to ensure the security of Client Personal Data:
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Description of the technical and organizational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Technical controls in place include: Data Encryption at rest (standard is Self-Encrypting Drives at AES256) Data Encryption in transit as access is using HTTPS and TLS 1.2, connection via HTTP is not permitted. Option is site to site VPN using AES 256. Backups are encrypted using AES 256 Access to cryptographic keys is only by authorized eGain data custodians who undertake training and sign additional rules of behavior. Data Pattern Masking (requirements configured by the controller) ensures data such as credit cards if not required are not captured (agents also do not see any masked information), this is irreversible. A Customer Data Protection Portal that allows the customer to meet the data subjects’ rights such as erasure (right to be forgotten), copy of the data in an electronic industrial recognized format for portability. Controller can ensure integrity/accuracy of the personal data using the eGain Services Administration Console Robust DR/BC and restore capability to ensure that the data is available as required by the controller (options for customer on the level required) Internal and external vulnerability checks on a bi-weekly basis IPS/IDS in place Multi-zonal environment with access to only adjacent zones by approved devices on approved ports Default setting of ‘deny all’ for rules Access Control lists in place Option to IP whitelist to known IP address Internal multifactor authentication in use Option for Controller to use single sign on Technical system segregation (i.e. test and dev are separate to the production environment) A Security Information and Event Management (SIEM) system in place for access and event monitoring and early detection of incidents Automation or support and maintenance is in place to reduce the requirement for system and data access by employees as much as possible Erasure of all data at contract termination to NIST 800 88 r1 standards and certificate of destruction supplied Organizational Controls in place include: Contractual clauses in place that meet the data protection requirements between controller / processor including EU Standard Contractual Clauses and Data Protection requirements covering GDPR ...
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. The technical and organisational measures (including the certifications held by the data importer) as well as the scope and the extent of the assistance required to respond to data subjects’ requests are described in the DPA. For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter. The technical and organisational measures that the data importer will impose on sub-processors are described in the DPA.
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Information Security Program:
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. EXPLANATORY NOTE: The technical and organisational measures must be described in specific (and not generic) terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. See Exhibit A to the MSA ANNEX III – LIST OF SUBPROCESSORS As displayed at xxxxxxx.xxx/xxxxxxxxxxxxx/ at the date of this Agreement.
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. The Security Measures applicable to the Services are described here:
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. EXPLANATORY NOTE: The technical and organisational measures must be described in specific (and not generic) terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. See Exhibit A to the MSA
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. • see the relevant Product Notice available online at xxxxx://xxxx.xxxxxx.xxx/guide/ (marked as “GDPR Product Notice”), and • see the Acquia Security Annex available online at xxxxx://xxx.xxxxxx.xxx/sites/default/files/legal/acquia-security-annex.pdf (the version applicable as of signature of this DPA is attached hereto as Exhibit 1) For transfers to (sub-) processors, alsodescribe the specific technical and organisational measures to be taken by the (sub -) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter Acquia requires its sub-processors to adhere to technical and organizational measures which are at least as equivalent as those referenced in the Acquia Security Annex. Exhibit 3 Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018 INTERNATIONAL DATA TRANSFER ADDENDUM TO THE EU COMMISSION STANDARD CONTRACTUAL CLAUSES VERSION B1.0, in force 21 March 2022 This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA. The privacy of your data is important to Instatus. The various measures we take to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons, can be found in Instatus’s Privacy Policy and Security Overview, Instatus establishes data processing agreements with all of its subprocessors that handle personal data, which require those subprocessors to adhere to the same, if not more stringent requirements, as Instatus. You can find out more about Instatus subprocessors here. SCHEDULE 5
