SECURITY AND TRAINING.

10.1 The Parties agree to implement appropriate technical and organisational measures to protect the Personal Data in their possession against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure, including but not limited to:

a) ensuring IT equipment, including portable equipment is kept in lockable areas when unattended;
b) not leaving portable equipment containing the Personal Data unattended;
c) ensuring Staff use appropriate secure passwords for logging into systems or databases containing the Personal Data;
d) ensuring that all IT equipment is protected by antivirus software, firewalls, passwords and suitable encryption devices;
e) ensuring that any Special Category Personal Data is stored and transferred (including where stored or transferred on portable devices or removable media) using industry standard 256-bit AES encryption or suitable equivalent;
f) limiting access to relevant databases and systems to those Staff who need to have access to the Personal Data, and ensuring that passwords are changed and updated regularly to prevent inappropriate access when individuals are no longer engaged by the Party;
g) conducting regular threat assessment or penetration testing on systems;
h) ensuring all Staff handling Personal Data have been made aware of their responsibilities with regards to handling of the Personal Data; and
i) allowing for inspections and assessments to be undertaken by the other Party in respect of the security measures taken, or producing evidence of those measures if requested.

Appears in 3 contracts
Sources: Data Sharing Agreement, Data Sharing Agreement, Data Sharing Agreement