Security of the Service. 1. Elements of the network infrastructure used to process personal data are secured against the loss of accessibility through application and provision of maintenance services provided by producers and distributors. 2. Periodical independent tests of the vulnerability of IT systems that process personal data to threats are carried out. 3. Security gaps are periodically scanned on the platforms and in the networks that process personal data so that general security standards connected specifically with system reinforcement are complied with. 4. As a result of penetration tests, vulnerability scanning and compliance assessment, a corrective program is run on a periodic basis according to a risk-based approach to make effective use of the tests’ results. 5. A training program regarding the rules of secure software has been developed and provided. 6. A software security testing program has been developed and provided. 7. The subcontractor and provider selection rules that have been developed guarantee adequate level of technical and organizational security of the services provided and the tasks performed. 8. The sub-processors and other service providers auditing standards and mechanisms have been developed and their implementation has been guaranteed.
Appears in 7 contracts
Sources: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement