Information Security Measures. 7.1 The Processor shall take appropriate technical and organisational precautions to ensure the secure Processing of the Controller’s Personal Data, especially to prevent and protect the Personal Data from accidental loss, modification, destruction or damage. When assessing the appropriate level of such information security measures, the Processor must take into account the risks related to Processing the Personal Data, the level of technology, the implementation costs, the nature, scope, context, and purposes of the Processing, and the risks affecting the rights and freedoms of natural persons, which vary in likelihood and severity. At a minimum, the Processor undertakes to: 7.1.1 pseudonymise and encrypt the Personal Data to uphold their confidentiality, if necessary; 7.1.2 guarantee the continuous confidentiality, integrity, availability and fault-tolerance of the processing systems and services; 7.1.3 ensure the capability to restore availability and access to the Personal Data within a reasonable time in the event of a physical or technical failure; 7.1.4 create an operating model for testing, investigating and regularly assessing the effectiveness of the technical and organisational measures to ensure secure data processing; and 7.1.5 conduct information security audits on the Personal Data processing functions. 7.2 The Processor understands that the Personal Data is confidential and should be treated accordingly. The Processor shall ensure that the Personal Data is only processed by persons who are entitled to process them to provide the Service agreed upon in the Service Agreement. The Processor shall ensure that the persons entitled to process the Personal Data have undertaken to comply with a confidentiality obligation or are covered by an appropriate statutory confidentiality obligation.
Appears in 2 contracts
Sources: General Terms and Conditions, General Terms and Conditions