TECHNICAL AND ORGANIZATION SECURITY MEASURES Sample Clauses
The Technical and Organizational Security Measures clause defines the requirements for implementing safeguards to protect data and systems from unauthorized access, loss, or damage. It typically outlines specific security practices such as encryption, access controls, regular security assessments, and staff training that the parties must maintain. By establishing clear standards for data protection, this clause helps ensure compliance with legal obligations and mitigates the risk of data breaches or security incidents.
TECHNICAL AND ORGANIZATION SECURITY MEASURES. 5.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Vendor and each Vendor Affiliate shall in relation to the Company Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk.
5.2 In assessing the appropriate level of security, Vendor and each Vendor Affiliate shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach. Vendor shall take appropriate technical and organisational security measures to protect Personal Data against accidental loss or damage and unauthorised access, use, disclosure, alteration or destruction and to ensure the confidentiality, security, integrity, and availability of Personal Data. The measures to be undertaken by the Vendor shall include:
a. The measures to securely dispose of Personal Data taking into account available technology so that such information cannot be practicably read or reconstructed; and
b. Limiting access to Personal Data to Vendor Personnel: Vendor has taken reasonable steps to ensure the reliability of Vendor Personnel who are granted the minimum access level(s) to the Personal Data that are necessary to carry out their job role in performance of Vendor’s obligations under the Agreement; have been trained in the proper handling of Personal Data; are subject to written obligations of confidentiality in respect of Personal Data and only process Personal Data in accordance with Vendor’s instructions; and
c. Implementing logging and auditing techniques for access to the Personal Data Vendor processes on behalf of the Company; and
d. Encryption of all Personal Data Vendor processes on behalf of the Company where such processing takes place using laptops or other electronic portable devices; and
e. The use of encryption of Personal Data as appropriate taking into account the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss alteration, unauthorised disclosure of, or access to Personal Data. Zycus undergoes SSAE16 SOC1, SOC2 Type II audit by third party to ensure adequate security and confidentiality for all Company and Vendor data on a yearly basis. Zycus may share such audit reports for review by the Company upon request. The Vendor shall regularly t...
TECHNICAL AND ORGANIZATION SECURITY MEASURES. Introduction
TECHNICAL AND ORGANIZATION SECURITY MEASURES. This Appendix describes the technical and organizational security measures and procedures that the Data Processor shall, as a minimum, maintain to protect the security of personal data created, collected, received, or otherwise obtained. Data Processor will keep documentation of technical and organizational measures identified below to facilitate audits and for the conservation of evidence. All communication with Trimble Quadri occurs over HTTPS, ensuring communication is encrypted. with TLS (SSL). All customer data is stored for high-availability and durability. Data generated within Trimble ▇▇▇▇▇▇ is stored in secure databases which are backed-up daily. The Trimble Quadri application security model prevents customer data cross-over and ensures complete customer data segregation and privacy.
TECHNICAL AND ORGANIZATION SECURITY MEASURES. This Appendix describes the technical and organizational security measures and procedures that Trimble shall, as a minimum, maintain to protect the security of personal data created, collected, received, or otherwise obtained. Trimble will keep documentation of technical and organizational measures identified below to facilitate audits and for the conservation of evidence. Trimble will conduct periodic reviews of its security practices and evaluate the adequacy of its measures and reserves the right to modify the standards set forth below. In addition Trimble has been granted the ISO 27001-certificate, that can be found under this link: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/certificate-directory?certificateNumber=1650760-4 Trimble implements suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the personal data are processed or used. This is accomplished by: - establishing security areas; 24 hours security service provided by property owner; - protection and restriction of access paths; - securing the data processing equipment; - establishing access authorizations for staff and third parties, including the respective documentation; - regulations on card-keys; - restriction on card-keys; - all access to the data centre where personal data are hosted is logged, monitored, and tracked; and - the data centre where personal data are hosted is secured by a security alarm system, and other appropriate security measures. Trimble implements suitable measures to prevent its data processing systems from being used by unauthorized persons. This is accomplished by: - identification of the terminal and/or the terminal user to Trimble systems; - automatic time-out of user terminal if left idle, identification and password required to reopen; - automatic turn-off of the user ID when several erroneous passwords are entered, log file of events (monitoring of break-in-attempts); - issuing and safeguarding of identification codes; - dedication of individual terminals and/or terminal users, identification characteristics exclusive to specific functions; - staff policies in respect of each staff access rights to personal data (if any), informing staff about their obligations and the consequences of any violations of such obligations, to ensure that staff will only access personal data and resources required to perform their job duties and training of staff on applicable privacy duties and liabilities; - all access to data con...