Measures for ensuring accountability Sample Clauses

Measures for ensuring accountability a. Processor has documented procedures for the Processing of Personal Data. b. In the event that Processor is subject to an audit or investigation by a regulator, Processor is able to provide evidence of how Processor complies with the data protection requirements explained in this General Data Protection Policy. c. When developing or considering a new Processing activity, in particular implementing a new technology or IT system, or changing any existing Processing activities, the owner of the Processing activity shall inform the Data Protection Officer and shall provide the Data Protection Officer with all necessary information in order to keep the related documentation (such as notices, records of Processing activities, data Processing and data transfer agreements) up-to-date.

Measures for ensuring accountability. A. User has performed a data mapping exercise that is compliant with Data Protection Laws and has created an appropriate record of Processing activities in relation thereto. B. User has implemented a privacy program appropriate to the scope and nature of the Personal Data Processed, including, as applicable, reviewing and complying with self-regulatory frameworks where appropriate, conducting data protection impact assessments, and appointing a data protection officer (DPO) or other individuals responsible for privacy and data security as appropriate.

Measures for ensuring accountability. All critical devices, systems, datastores, and applications have event logging enabled. Logging events must contain what occurred, who or what caused the event, when the event occurred (i.e. timestamp), and the associated system applications or data affected by the events. Where possible, the following system, datastore, and application types of events should be logged: ● All authentication events (success and fail) ● Account or role creation, modification, or deletion ● Changes to system or application configuration ● All alerts raised by the access control system ● Administrator or operator activities Centrally collected event logs from systems, datastores, and applications. Access to centrally collected event logs is controlled by these teams and limited to “need to know” scenarios. Centrally collected event logs are retained for a period of no less than 12 months. Tonic uses AWS Control Tower to manage our AWS accounts and aggregate logs into audit and security environments to prevent tampering. Tonic has alarms on logging systems that ensure unexpected behavior is brought to the attention of staff. Erasure Requests: Tonic has implemented procedures for account deletion requests. End-users wishing to have their Personal Information should contact ▇▇▇▇▇▇▇@▇▇▇▇▇.▇▇ Tonic performs initial and annual due diligence activities on our sub-processors to ensure they provide an equivalent or greater level of security and data protection assurance than our own systems.

Measures for ensuring accountability. Octai maintains Records of Processing Activities and conducts Privacy Impact Assessments, where applicable, to ensure compliance with data protection requirements.

Measures for ensuring accountability. Adoption and implementation of data protection policies; • Execution of written agreements with Domo sub-processors who may have access to Subscriber Data; • Implementation of intrusion prevention and detection systems to monitor and log system resources for potential unauthorized access and generate alerts on attempted attacks; • Adoption of retention policies for logs, audit trails and other documentation that provides evidence of security, systems, and audit processes and procedures related to Subscriber Data; • Annual employee security and privacy awareness training.

Measures for ensuring accountability. Veritas has implemented suitable measures to monitor, in accordance with applicable privacy laws, access restrictions of Veritas’s system administrators and to ensure that they act in accordance with instructions received. This is accomplished by: • Individualappointment of system administrators; • Adoption of suitable measures to register system administrators’ access logs to the infrastructure and keep them secure, accurate and unmodified for a reasonable period of time; • Regular audits of system administrators’ activity to assess compliance with assigned tasks, the instructions received by Controller and applicable laws; and • Keeping an updated list with system administrators’ identification details (e.g., name, surname, function, or organizational area) and responsibilities. Veritas has implemented annual testing of the SaaS Solution and relevant processes including security incident response tests, Business Continuity and Disaster Recovery tests, Penetration testing.

Measures for ensuring accountability. ● ▇▇▇▇ has appointed a Data Protection Officer who can be contacted at ▇▇▇@▇▇▇▇.▇▇▇ and has appointed a Chief Information Security Officer to assist the Data Protection Officer with their role and to continuously monitor Jove’s data security practices; ● Jove has implemented policies on GDPR breach notifications, data retention and data subject access requests; Every user is entitled to the following: ▪ The right to access - You have the right to request JoVE for copies of your personal data. We may charge you a small fee for this service ▪ The right to rectification - You have the right to request that JoVE correct any information you believe is inaccurate. You also have the right to request JoVE to complete information you believe is incomplete. ▪ The right to erasure - You have the right to request that JoVE erase your personal data, under certain conditions. ▪ The right to restrict processing - You have the right to request that JoVE restrict the processing of your personal data, under certain conditions. ▪ The right to object to processing - You have the right to object to JoVE’s processing of your personal data, under certain conditions. ▪ The right to data portability - You have the right to request that JoVE transfer the data that we have collected to another organization, or directly to you, under certain conditions. ▪ If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: ▇▇▇▇@▇▇▇▇.▇▇▇

Measures for ensuring accountability. Commvault has implemented suitable measures to monitor, in accordance with applicable privacy laws, access restrictions of Commvault’s system administrators and to ensure that they act in accordance with instructions received. This is accomplished by: Individual appointment of system administrators; Adoption of suitable measures to register system administrators’ access logs to the infrastructure and keep them secure, accurate and unmodified for a reasonable period of time; Regular audits of system administrators’ activity to assess compliance with assigned tasks, the instructions received by Controller and applicable laws; Keeping an updated list with system administrators’ identification details (e.g. name, surname, function or organizational area) and responsibilities. Commvault has implemented annual testing of the SaaS Solution and relevant processes including security incident response tests, Business Continuity and Disaster Recovery tests, Penetration testing. For relevant certifications refer to: MSP has authorised and where necessary obtained the customer’s authorization for the use of the following sub-processors: For Commvault:

Measures for ensuring accountability. ○ L▇▇▇▇ has established clear roles and responsibilities for data protection within the organization. Ultimate accountability for data protection lies with the head of IT which is our Chief Operating Officer. ○ L▇▇▇▇ maintains records of processing activities and demonstrate compliance with GDPR requirements.