Common use of SECURITY AND TRAINING Clause in Contracts

SECURITY AND TRAINING. 10.1 The Data Discloser shall be responsible for the security of transmission of any Shared Personal Data in transmission to the Data Receiver by using appropriate technical methods. These are detailed below: Via a secure Sharepoint site, set up by The Brillant Club and in no circumstances by email. 10.2 The Parties agree to implement appropriate technical and organisational measures to protect the Shared Personal Data in their possession against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure, including but not limited to: a) Ensuring IT equipment, including portable equipment is kept in lockable areas when unattended; not leaving portable equipment containing the Shared Personal Data unattended; b) Ensuring that staff use appropriate secure passwords for logging into systems or databases containing the Shared Personal Data; c) Ensuring that all IT equipment is protected by antivirus software, firewalls, passwords and suitable encryption devices; d) In particular ensure that any Sensitive Personal Data is stored and transferred (including where stored or transferred on portable devices or removable media) using industry standard 256-bit AES encryption or suitable equivalent; e) Limiting access to relevant databases and systems to those of its officers, staff agents and sub-contractors who need to have access to the Personal Data, and ensuring that passwords are changed and updated regularly to prevent inappropriate access when individuals are no longer engaged by the Party; f) Conducting regular threat assessment or penetration testing on systems. g) Ensuring all staff handling Personal Data have been made aware of their responsibilities with regards to handling of Personal Data.

SECURITY AND TRAINING. 10.1 The Data Discloser shall be responsible for the security of transmission of any Shared Personal Data in transmission to the Data Receiver by using appropriate technical methods. These are detailed below: Via a secure Sharepoint site, set up by The Brillant Brilliant Club and in no circumstances by email. 10.2 The Parties agree to implement appropriate technical and organisational measures to protect the Shared Personal Data in their possession against unauthorised or unlawful processing and against processing, accidental loss, destruction, damage, alteration or disclosure, including but not limited to: a) Ensuring IT equipment, including portable equipment is kept in lockable areas when unattended; not leaving portable equipment containing the Shared Personal Data unattended; b) Ensuring that staff use appropriate secure passwords for logging into systems or databases containing the Shared Personal Data; c) Ensuring that all IT equipment is protected by antivirus software, firewalls, passwords and suitable encryption devices; d) In particular ensure that any Sensitive Personal Data is stored and transferred (including where stored or transferred on portable devices or removable media) using industry standard 256-bit AES encryption or suitable equivalent; e) Limiting access to relevant databases and systems to those of its officers, staff agents and sub-contractors who need to have access to the Personal Data, and ensuring that passwords are changed and updated regularly to prevent inappropriate access when individuals are no longer engaged by the Party; f) Conducting regular threat assessment or penetration testing on systems. g) Ensuring all staff handling Personal Data have been made aware of their responsibilities with regards to handling of Personal Data.