DATA SECURITY AND SAFEGUARDS. The Supplier shall
(i) implement and maintain appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other Sanoma’s data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access, especially where the Processing involves the transmission of data over a network;
(ii) assess the measures necessary to ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(iii) ensure that technical measures comply with industry standards and best practices such as ISO 27001/27002 (or equivalent, such as SSAE-16(2));
(iv) limit access to the Personal Data to authorized and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations;
(v) ensure by technical and organizational means that Personal Data is not Processed for different purposes (e.g. for the Supplier’s other customers’ purposes);
(vi) ensure that the Personal Data is Processed separately from the data of other Supplier’s customers; and
(vii) take all necessary precautions in performing the Services to prevent: loss and alteration of any data, unauthorized access to Sanoma’s IT environment, introduction of viruses to Sanoma’s systems, improper access to Sanoma’s IT environment and confidential information of Sanoma.
Sources: Data Processing Agreement, Data Protection Appendix, Data Protection Appendix