Information Security Policies and Standards Sample Clauses

Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); – Ensure the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data Processing (entry control); – Ensure that Personal Data are Processed solely in accordance with the Instructions (control of instructions); • Ensure that Personal Data are protected against accidental destruction or loss (availability control); and • Ensure that Personal Data collected for different purposes can be processed separately (separation control). These rules are kept up to date and revised whenever relevant changes are made to the information system that uses or houses Personal Data, or to how that system is organized.

Information Security Policies and Standards. Supplier must implement security requirements for staff and all subcontractors, suppliers, or agents who have access to Seagate Personal Information that are designed to: 1. Prevent unauthorized persons from gaining access to Seagate Personal Information processing systems (physical access control);

Information Security Policies and Standards. The data importer will implement appropriate security requirements for staff and all subcontractors, service providers, or agents who have access to data exporter personal data (“Personal Data”). These are designed to: ● Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); ● Prevent Personal Data processing systems being used without authorization (logical access control); ● Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); ● Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); ● Ensure that Personal Data are processed solely in accordance with the data exporter’s instructions (“Instructions”) (control of instructions); and ● Ensure that Personal Data are appropriately protected against accidental destruction or loss (availability control). These rules are kept up to date, and revised whenever relevant changes are made to information systems that use, process, transmit or store Personal Data, or to how those systems are organized. Security policies and standards are monitored and maintained on an ongoing basis to ensure compliance.

Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Praha 7; ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇/ PŘÍLOHA II TECHNICKÁ A ORGANIZAČNÍ OPATŘENÍ VČETNĚ TECHNICKÝCH A ORGANIZAČNÍCH OPATŘENÍ K ZAJIŠTĚNÍ ZABEZPEČENÍ ÚDAJŮ VYSVĚTLIVKY: Technická a organizační opatření musí být popsána konkrétně (nikoli obecně). Viz také obecnou poznámku na první stránce dodatku týkající se zejména potřeby jasně uvést, která opatření se vztahují na každé jednorázové nebo souborné předání. Popis technických a organizačních opatření zavedených dovozcem nebo dovozci údajů (včetně veškerých příslušných certifikací) za účelem zajištění vhodné úrovně zabezpečení s přihlédnutím k povaze, rozsahu, kontextu a účelu zpracování a rizikům pro práva a svobody fyzických osob. 1.

Information Security Policies and Standards. The Data Importer will implement security requirements for staff and all subcontractors, Service Providers, or agents who have access to Personal Data. These are designed to: • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); • Prevent Personal Data processing systems being used without authorization (logical access control); • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or TECHNICKÁ A ORGANIZAČNÍ OPATŘENÍ VČETNĚ TECHNICKÝCH A ORGANIZAČNÍCH OPATŘENÍ K ZAJIŠTĚNÍ ZABEZPEČENÍ ÚDAJŮ VYSVĚTLIVKY: Technická a organizační opatření musí být popsána konkrétně (nikoli obecně). Viz také obecnou poznámku na první stránce dodatku týkající se zejména potřeby jasně uvést, která opatření se vztahují na každé jednorázové nebo souborné předání. Popis technických a organizačních opatření zavedených dovozcem nebo dovozci údajů (včetně veškerých příslušných certifikací) za účelem zajištění vhodné úrovně zabezpečení s přihlédnutím k povaze, rozsahu, kontextu a účelu zpracování a rizikům pro práva a svobody fyzických osob. 1.

Information Security Policies and Standards. Processor will implement security requirements for staff and all subcontractors, vendors or agents who have access to Personal Data that are designed to ensure a level of security appropriate to the risk and address the requirements detailed in these Security Standards. Processor will conduct periodic risk assessments and review and, as appropriate, revise its information security practices at least annually or whenever there is a material change in Processor’s business practices that may reasonably affect the security, confidentiality or integrity of Personal Data, provided that Processor will not modify its information security practices in a manner that will weaken or compromise the confidentiality, availability or integrity of Personal Data. Processor shall keep written records of such assessments and reviews. Processor will have in place documents that specify its policies and practices in relation to Personal Data that are accessible to the Data Subject, such as an online privacy policy. The Processor will maintain commercially reasonable security systems at all Processor sites at which an information system that uses or houses Personal Data is located. The Processor reasonably and appropriately restricts access to such Personal Data and has in place practices to prevent unauthorized individuals from gaining access to Personal Data. Processor will maintain records specifying which media are used to store Personal Data. When media are to be disposed of or reused, procedures have been implemented to prevent any subsequent retrieval of any Personal Data stored on the media before they are withdrawn from the inventory. When media are to leave the premises at which the files are located as a result of maintenance operations, procedures have been implemented to prevent undue retrieval of Personal Data stored on them. Processor will implement security policies and procedures to classify sensitive information assets, clarify security responsibilities and promote awareness for employees. All Personal Data security incidents are managed in accordance with appropriate incident response procedures.

Information Security Policies and Standards. Alicent will maintain written information security policies, standards and procedures addressing administrative, technical, and physical security controls and procedures. These policies, standards, and procedures shall be kept up to date, and revised whenever relevant changes are made to the information systems that use or store Personal Data.

Information Security Policies and Standards. XtendLive will implement and maintain industry- standard security requirements and measures for staff and all subcontractors, vendors, and agents who have access to Customer Personal Data, that are reasonably designed to: a. prevent unauthorized persons from gaining access to Customer Personal Data processing systems; b. prevent Customer Personal Data processing systems being used without authorization; c. ensure that persons entitled to use a Customer Personal Data processing system gain access only to such Customer Personal Data as they are entitled to access in accordance with their access rights and that, in the course of processing or use and after storage, Customer Personal Data cannot be read, copied, modified or deleted without authorization; d. ensure that Customer Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Customer Personal Data by means of data transmission facilities can be established and verified; e. ensure the establishment of an audit trail to document whether and by whom Customer Personal Data have been entered into, modified in, or removed from Customer Personal Data processing; f. ensure that Customer Personal Data are processed solely in accordance with the instructions; g. ensure that Customer Personal Data are protected against accidental destruction or loss; and

Information Security Policies and Standards. BioCatch will implement security requirements for staff and all subprocessors or agents who have access to End User Data that are designed to ensure a level of security appropriate to the risk and address the requirements detailed in these Security Standards. BioCatch will conduct periodic risk assessments and review and, as appropriate, revise its information security practices at least annually or whenever there is a material change in BioCatch’s business practices that may reasonably affect the security, confidentiality or integrity of End User Data, provided that BioCatch will not modify its information security practices in a manner that will intentionally weaken or compromise the confidentiality, availability or integrity of End User Data. BioCatch shall keep written records of such assessments and review.