Common use of Information Security Policies and Standards Clause in Contracts

Information Security Policies and Standards. The data importer will implement appropriate security requirements for staff and all subcontractors, service providers, or agents who have access to data exporter personal data (“Personal Data”). These are designed to: ● Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); ● Prevent Personal Data processing systems being used without authorization (logical access control); ● Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); ● Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); ● Ensure that Personal Data are processed solely in accordance with the data exporter’s instructions (“Instructions”) (control of instructions); and ● Ensure that Personal Data are appropriately protected against accidental destruction or loss (availability control). These rules are kept up to date, and revised whenever relevant changes are made to information systems that use, process, transmit or store Personal Data, or to how those systems are organized. Security policies and standards are monitored and maintained on an ongoing basis to ensure compliance.

Information Security Policies and Standards. The data importer will implement appropriate security requirements for staff and all subcontractors, service providers, or agents who have access to data exporter personal data (“Personal Data”). These are designed to: ● • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); ● • Prevent Personal Data processing systems being used without authorization (logical access control); ● • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); ● • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); ● • Ensure that Personal Data are processed solely in accordance with the data exporter’s instructions (“Instructions”) (control of instructions); and ● • Ensure that Personal Data are appropriately protected against accidental destruction or loss (availability control). These rules are kept up to date, and revised whenever relevant changes are made to information systems that use, process, transmit or store Personal Data, or to how those systems are organized. Security policies and standards are monitored and maintained on an ongoing basis to ensure compliance.

Information Security Policies and Standards. The data importer will implement appropriate security requirements for staff and all subcontractors, service providers, or agents who have access to data exporter personal data (“Personal Data”). These are designed to: ● • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); ● • Prevent Personal Data processing systems being used without authorization (logical access control); ● • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); ● • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); ● • Ensure that Personal Data are processed solely in accordance with the data exporter’s instructions (“Instructions”) (control of instructions); and ● • Ensure that Personal Data are appropriately protected against accidental destruction or loss (availability control). These rules are kept up to date, and revised whenever relevant changes are made to information systems that use, process, transmit or store Personal Data, or to how those systems are organized. Security policies and standards are monitored and maintained on an ongoing basis to ensure compliance.

Information Security Policies and Standards. The relevant data importer will implement appropriate security requirements for staff and all subcontractors, service providers, or agents who have access to data exporter personal data (“Personal Data”). These are designed to: ● • Prevent unauthorized persons from gaining access to Personal Data processing systems (physical access control); ● • Prevent Personal Data processing systems being used without authorization (logical access control); ● • Ensure that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control); ● • Ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control); ● • Ensure that Personal Data are processed solely in accordance with the data exporter’s instructions (“Instructions”) (control of instructions); and ● • Ensure that Personal Data are appropriately protected against accidental destruction or loss (availability control). These rules are kept up to date, and revised whenever relevant changes are made to information systems that use, process, transmit or store Personal Data, or to how those systems are organized. Security policies and standards are monitored and maintained on an ongoing basis to ensure compliance.