Common use of Security Measures Clause in Contracts

Security Measures. 11.1 Security and Training Both Parties shall adhere to the procedures set out in table 11.2 below, regarding the transfer and receipt of data. The Party/Parties receiving data agree, in accordance Article 32 of the GDPR, to implement appropriate technical and organisational measures to protect the shared personal data in their possession against unauthorised or unlawful processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the shared personal data transmitted, stored or otherwise processed. This may include, but is not limited to: ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ Policies, guidelines and procedures governing information security. Password protection for computer access. Automatic locking of idle PCs. Appropriate antivirus software and firewalls used to protect integrity and security of electronically processed data. Unique identifiers for every user with access to data. Employees have access only to personal data required for them to do their jobs. Appropriate security where remote access is allowed. Encryption of data held on portable devices. Data breach procedures. Appropriate physical security. Staff training and awareness. Monitoring of staff accessing data. Controlling physical access to IT systems and areas where paper-based data are stored. Adopting a clear desk policy. Appropriate techniques for destruction of data. Having back-ups of data off-site. Both Parties shall ensure that the security standards appropriate to the transfer of personal data under this agreement are adhered to. The Party/Parties receiving data shall ensure that all persons who have access to and who process the personal data are obliged to keep the personal data confidential. The Party/Parties receiving data shall ensure that employees having access to the data are properly trained and aware of their data protection responsibilities in respect of that data. Access to the data supplied by the Party disclosing data will be restricted to persons on the basis of least privilege, sufficient to allow such persons carry out their role. Each Party will keep the data secure and ensure that it is transferred securely in accordance with the procedures of this agreement.

Security Measures. 11.1 Security and Training Both Parties shall adhere to the procedures set out in table 11.2 below, regarding the transfer and receipt of data. The Party/Parties receiving data agree, in accordance Article 32 of the GDPR, to implement appropriate technical and organisational measures to protect the shared personal data in their possession against unauthorised or unlawful processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the shared personal data transmitted, stored or otherwise processed. This may include, but is not limited to: ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ Policies, guidelines and procedures governing information security. ▪ Password protection for computer access. ▪ Automatic locking of idle PCs. ▪ Appropriate antivirus software and firewalls used to protect integrity and security of electronically processed data. ▪ Unique identifiers for every user with access to data. ▪ Employees have access only to personal data required for them to do their jobs. ▪ Appropriate security where remote access is allowed. ▪ Encryption of data held on portable devices. ▪ Data breach procedures. ▪ Appropriate physical security. ▪ Staff training and awareness. ▪ Monitoring of staff accessing data. ▪ Controlling physical access to IT systems and areas where paper-based data are stored. ▪ Adopting a clear desk policy. ▪ Appropriate techniques for destruction of data. ▪ Having back-ups of data off-site. Both Parties shall ensure that the security standards appropriate to the transfer of personal data under this agreement are adhered to. The Party/Parties receiving data shall ensure that all persons who have access to and who process the personal data are obliged to keep the personal data confidential. The Party/Parties receiving data shall ensure that employees having access to the data are properly trained and aware of their data protection responsibilities in respect of that data. Access to the data supplied by the Party disclosing data will be restricted to persons on the basis of least privilege, sufficient to allow such persons carry out their role. Each Party will keep the data secure and ensure that it is transferred securely in accordance with the procedures of this agreement.

Security Measures. 11.1 Security and Training Both Parties Each Party shall adhere to the procedures set out in table 11.2 below, regarding the transfer and receipt of data. The Party/Parties receiving data agree, in accordance Article 32 of the GDPR, to implement appropriate technical and organisational measures to protect the shared personal data in their possession against unauthorised or unlawful processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the shared personal data transmitted, stored or otherwise processed. This may include, but is not limited to: ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ Policies, guidelines and procedures governing information security. Password protection for computer access. Automatic locking of idle PCs. Appropriate antivirus software and firewalls used to protect integrity and security of electronically processed data. Unique identifiers for every user with access to data. Employees have access only to personal data required for them to do their jobs. Appropriate security where remote access is allowed. Encryption of data held on portable devices. Data breach procedures. Appropriate physical security. Staff training and awareness. Monitoring of staff accessing data. Controlling physical access to IT systems and areas where paper-based data are stored. Adopting a clear desk policy. Appropriate techniques for destruction of data. Having back-ups of data off-site. Both Parties Each Party shall ensure that the security standards appropriate to the transfer of personal data under this agreement are adhered to. The Party/Parties receiving data shall ensure that all persons who have access to and who process the personal data are obliged to keep the personal data confidential. The Party/Parties receiving data shall ensure that employees having access to the data are properly trained and aware of their data protection responsibilities in respect of that data. Access to the data supplied by the Party disclosing data will be restricted to persons on the basis of least privilege, sufficient to allow such persons carry out their role. Each Party will keep the data secure and ensure that it is transferred securely in accordance with the procedures of this agreement.

Security Measures. 11.1 Security and Training Both Parties shall adhere to the procedures set out in table 11.2 below, regarding the transfer and receipt of data. The Party/Parties receiving data agree, in accordance Article 32 of the GDPR, to implement appropriate technical and organisational measures to protect the shared personal data in their possession against unauthorised or unlawful processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the shared personal data transmitted, stored or otherwise processed. This may include, but is not limited to: ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ • • • • • • • • • • • • • • • • Policies, guidelines and procedures governing information security. Password protection for computer access. Automatic locking of idle PCs. Appropriate antivirus software and firewalls used to protect integrity and security of electronically processed data. Unique identifiers for every user with access to data. Employees have access only to personal data required for them to do their jobs. Appropriate security where remote access is allowed. Encryption of data held on portable devices. Data breach procedures. Appropriate physical security. Staff training and awareness. Monitoring of staff accessing data. Controlling physical access to IT systems and areas where paper-based data are stored. Adopting a clear desk policy. Appropriate techniques for destruction of data. Having back-ups of data off-site. Both Parties shall ensure that the security standards appropriate to the transfer of personal data under this agreement are adhered to. The Party/Parties receiving data shall ensure that all persons who have access to and who process the personal data are obliged to keep the personal data confidential. The Party/Parties receiving data shall ensure that employees having access to the data are properly trained and aware of their data protection responsibilities in respect of that data. Access to the data supplied by the Party disclosing data will be restricted to persons on the basis of least privilege, sufficient to allow such persons carry out their role. Each Party will keep the data secure and ensure that it is transferred securely in accordance with the procedures of this agreement.

Security Measures. 11.1 Security and Training Both Parties shall adhere to the procedures set out in table 11.2 below, regarding the transfer and receipt of data. The Party/Parties receiving data agree, in accordance Article 32 of the GDPR, to implement appropriate technical and organisational measures to protect the shared personal data in their possession against unauthorised or unlawful processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the shared personal data transmitted, stored or otherwise processed. This may include, but is not limited to: ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪                 Policies, guidelines and procedures governing information security. Password protection for computer access. Automatic locking of idle PCs. Appropriate antivirus software and firewalls used to protect integrity and security of electronically processed data. Unique identifiers for every user with access to data. Employees have access only to personal data required for them to do their jobs. Appropriate security where remote access is allowed. Encryption of data held on portable devices. Data breach procedures. Appropriate physical security. Staff training and awareness. Monitoring of staff accessing data. Controlling physical access to IT systems and areas where paper-based data are stored. Adopting a clear desk policy. Appropriate techniques for destruction of data. Having back-ups of data off-site. Both Parties shall ensure that the security standards appropriate to the transfer of personal data under this agreement are adhered to. The Party/Parties receiving data shall ensure that all persons who have access to and who process the personal data are obliged to keep the personal data confidential. The Party/Parties receiving data shall ensure that employees having access to the data are properly trained and aware of their data protection responsibilities in respect of that data. Access to the data supplied by the Party disclosing data will be restricted to persons on the basis of least privilege, sufficient to allow such persons carry out their role. Each Party will keep the data secure and ensure that it is transferred securely in accordance with the procedures of this agreement.