Organizational Measures. 2.1 Security plan and document
Organizational Measures. (a) Employees Employees follow a security awareness training program on a yearly basis, including detection of social engineering, phishing, password management etc. They are required to apply a strong password policy and to use a password manager to limit password reuse. Multi-factor authentication is required whenever possible, including on the tools that Reveal develops to operate the service.
Organizational Measures. The implementation and operational effectiveness of all below controls are mandatory. The below organizational measures are derived from Our Third-Party Information Security Risk requirements, which align to leading industry standards. Control Title Control Description Reference to Industry Standard Implemented? (Yes/No)
Organizational Measures. A. Information Security Governance Data importer has established a personnel structure for information security governance, including but not limited to, a designated employee with overall responsibility for information security government (e.g., a chief information security officer) and other personnel with assigned roles and responsibilities for information security. Roles and responsibilities have been formally defined for all members of the information security team and have been documented.
Organizational Measures a. IT security policy Security policies are shared with all staff, they are reviewed following incidents and are updated periodically. A policy on the acceptable use of corporate assets and their safekeeping is available.
Organizational Measures. (i) Employee security incident detection: All relevant employees are instructed on the detection and reporting of security breaches (e.g., lost computer hardware, anti-virus software alerts).
Organizational Measures. The Terra Infinity management team, through an ongoing awareness program, has been actively participated in the development of an information security culture within the company and has a management structure in place to support the implementation of information security in its services with clear roles and responsibilities managed within the organization. Operations Management Several industry best practice processes and policies are in place to ensure the best possible confidentiality, availability and integrity of the platform. These policies align with stringent requirements in a number of areas, including: - Information security - Security of the hosting environment - Third-party access - Capacity control - Change management - Backup and recovery - Access control - documentation - Logging and monitoring - Incident response - Release management Security Team Terra Infinity has a team of security professionals who are responsible for the overall information security of the organization. Privacy Terra Infinity has implemented a number of industry-standard measures to prevent Personal Information from being read, copied, altered, or deleted during transmission or storage, altered or deleted during transmission or storage. This is accomplished through a variety of industry standard measures including: - Use of multi-layered firewalls, VPNs, and encryption technologies to Protection of gateways and pipelines - HTTPS encryption (also referred to as SSL or TLS connection) using secure cryptographic keys - Remote access to data centers is protected by multiple network security layers protected - Particularly sensitive customer data is protected while in storage by encryption and/or hashing (pseudonymization). Data centers Terra Infinity uses only state-of-the-art data centers from AWS Germany, Frankfurt, which have 365/24/7 security and monitoring services and follow only the most advanced security standards. More: xxxxx://xxx.xxxxxx.xxx/de/compliance/germany-data-protection/ Privacy Impact Assessment A data protection impact assessment according to Art. 35 DSGVO is not required. Justification:
Organizational Measures. Clear responsibilities: Internal responsibilities for data security issues are defined. • Confidentiality requirements of employees: Employees are obliged to maintain secrecy be- yond the duration of their employment. In particular, employees may only transfer personal data to third parties upon the express instruction of a supervisor. • Training and information activities: Employees are trained on data security issues (internally or externally) and adequately informed about data security issues (such as password secu- rity). • Orderly termination of employment relationships: Upon termination of an employment rela- tionship, all accounts of the leaving employee are immediately blocked for that employee and all keys of the leaving employee are collected. • Management of computer hardware: Records are kept on the distribution of end devices to specific employees (e.g., PC, laptop, mobile phone). • Input control: Control procedures are implemented to control the accuracy of personal data. • No duplicates of user accounts: Each person should have their own user account — the shar- ing of user accounts is prohibited.
Organizational Measures. The implementation and operational effectiveness of all below controls are mandatory. The below organizational measures are derived from McAfee Enterprise’s Third-Party Information Security Risk requirements, which align to leading industry standards. Organizational Measures Supplier has a specific resource assigned that is accountable for security management. All systems have malware management which includes up to date signature files running on all production systems. If administration of any systems or applications is performed outside the Suppliers secured intranet, it must be done through a secure channel (VPN or SSL) Control Title Control Description Reference to Industry Standard Implemented? (Yes/No)
Organizational Measures. 1.1. Submittable has appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures.
