Common use of AVAILABILITY AND RESILIENCE Clause in Contracts

AVAILABILITY AND RESILIENCE. The processing of personal data must occur on data processing systems that undergo regular, documented patch management. No systems may be connected in the network that are outside the maintenance cycles of the manufacturers (esp. no Windows XP, Windows Server 2003, etc.). Security- related patches must be installed within 72 hours after being announced. The continuous availability of personal data must be ensured by means of redundant storage media and data backups in accordance with the state of the art. Data centers and server rooms must correspond to the state of the art (temperature regulation, protection against fire, water penetration, etc.). The servers must have an uninterruptible power supply (UPS) that ensures a controlled shutdown without data loss. The company has implemented the requirements in the following manner: Regular documented patch management for the server Installation of security-critical patches within 72 hours Data storage on storage systems Spatially separated redundant data storage Uninterruptable power source Redundant air conditioning of the servers Early fire detection