Common use of SECURITY AND TRAINING Clause in Contracts

SECURITY AND TRAINING. 10.1 The Data Discloser shall be responsible for the security of transmission of any Shared Personal Data in transmission to the Data Receiver by using appropriate technical methods. These are detailed below: 10.2 The Parties agree to implement appropriate technical and organisational measures to protect the Shared Personal Data in their possession against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure, including but not limited to: Ensuring IT equipment, including portable equipment is kept in lockable areas when unattended; Not leaving portable equipment containing the Personal Data unattended; Ensuring that staff use appropriate secure passwords for logging into systems or databases containing the Personal Data; Ensuring that all IT equipment is protected by antivirus software, firewalls, passwords and suitable encryption devices; In particular ensure that any Sensitive Personal Data is stored and transferred (including where stored or transferred on portable devices or removable media) using industry standard 256-bit AES encryption or suitable equivalent; limiting access to relevant databases and systems to those of its officers, staff agents and sub-contractors who need to have access to the Personal Data, and ensuring that passwords are changed and updated regularly to prevent inappropriate access when individuals are no longer engaged by the Party; Conducting regular threat assessment or penetration testing on systems. Ensuring all staff handling Personal Data have been made aware of their responsibilities with regards to handling of Personal Data. Allowing for inspections and assessments to be undertaken by the other Party in respect of the security measures taken, or producing evidence of those measures if requested.

SECURITY AND TRAINING. ‌ 10.1 The Data Discloser shall be responsible for the security of transmission of any Shared Personal Data in transmission to the Data Receiver by using appropriate technical methods. These are detailed below: The University will only share Shared Personal Data in compliance with its encryption policy (a copy of the current version can be found via the following link ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇.▇▇.▇▇/web/files/imps/encryption_policy_v1.3CURRENT.pdf) 10.2 The Parties agree to implement appropriate technical and organisational measures to protect the Shared Personal Data in their possession against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure, including but not limited to: o Ensuring IT equipment, including portable equipment is kept in lockable areas when unattended; o Not leaving portable equipment containing the Personal Data unattended; o Ensuring that staff use appropriate secure passwords for logging into systems or databases containing the Personal Data; o Ensuring that all IT equipment is protected by antivirus software, firewalls, passwords and suitable encryption devices; o In particular ensure that any Sensitive Personal Data is stored and transferred (including where stored or transferred on portable devices or removable media) using industry standard 256-bit AES encryption or suitable equivalent; limiting o Limiting access to relevant databases and systems to those of its officers, staff agents and sub-contractors who need to have access to the Personal Data, and ensuring that passwords are changed and updated regularly to prevent inappropriate access when individuals are no longer engaged by the Party; o Conducting regular threat assessment or penetration testing on systems. o Ensuring all staff handling Personal Data have been made aware of their responsibilities with regards to handling of Personal Data. o Allowing for inspections and assessments to be undertaken by the other Party in respect of the security measures taken, or producing evidence of those measures if requested.

SECURITY AND TRAINING. 10.1 The Data Discloser shall be responsible for the security of transmission of any Shared Personal Data in transmission to the Data Receiver by using appropriate technical methods. These are detailed below:. 10.2 The Parties agree to implement appropriate technical and organisational measures to protect the Shared Personal Data in their possession against unauthorised or unlawful processing and against processing, accidental loss, destruction, damage, alteration or disclosure, including but not limited to: : a) Ensuring IT equipment, including portable equipment is kept in lockable areas when unattended; Not not leaving portable equipment containing the Shared Personal Data unattended; ; b) Ensuring that staff use appropriate secure passwords for logging into systems or databases containing the Shared Personal Data; ; c) Ensuring that all IT equipment is protected by antivirus software, firewalls, passwords and suitable encryption devices; ; d) In particular ensure that any Sensitive Personal Data is stored and transferred (including where stored or transferred on portable devices or removable media) using industry standard 256-bit AES encryption or suitable equivalent; limiting ; e) Limiting access to relevant databases and systems to those of its officers, staff agents and sub-contractors who need to have access to the Personal Data, and ensuring that passwords are changed and updated regularly to prevent inappropriate access when individuals are no longer engaged by the Party; ; f) Conducting regular threat assessment or penetration testing on systems. . g) Ensuring all staff handling Personal Data have been made aware of their responsibilities with regards to handling of Personal Data. Allowing for inspections and assessments to be undertaken by the other Party in respect of the security measures taken, or producing evidence of those measures if requested.