TECHNICAL AND ORGANISATIONAL MEASURES Clause Samples
POPULAR SAMPLE Copied 14 times
TECHNICAL AND ORGANISATIONAL MEASURES. 8.1 The information security regime implemented by the Provider shall be compliant with all relevant legislation, and shall conform to recognised Good Industry Practice.
8.2 Appropriate technical, security and organisational measures shall be taken by the Provider to safeguard against accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to, Personal Data.
8.3 The Provider shall apply organisational and technical controls such as network and system specific security, physical security, user access privileges, user passwords, including but not limited to the following to ensure that:
8.3.1 irrespective of whether Personal Data is at rest or in transit, the controls deployed are appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction or damage taking account of the nature and sensitivity of Personal Data;
8.3.2 physical measures provide effective protection for information, systems and services from unauthorised access, theft, interference or damage;
8.3.3 procedures are in place to identify and resolve software and system faults and failures, including the identification of malicious software;
8.3.4 access to Personal Data is role based for legitimate business purposes in accordance with the “need to know” principle and that user permissions are controlled and granted and removed in line with job responsibilities;
8.3.5 sufficiently complex password controls are implemented for all authorised personnel with role based access to Personal Data;
8.3.6 passwords, usernames and access codes are not disclosed to any other person (whether employed by the Provider or not) and that all passwords and security codes are kept securely;
8.3.7 remote access to the Providers’ secure network requires two factor authentication (something the user knows and a token they have);
8.3.8 where Personal Data is not stored solely on secure networks:
(i) only portable devices owned and controlled by the Provider are used to transport Personal Data and devices with built- in hard drives, deploy recognised industry standard encryption software;
(ii) only the minimum necessary Personal Data is transported on portable devices or in paper form
(iii) systems are in place to account for the movement of paper documents removed from and returned to the secure environment;
(iv) paper documents are kept secure and returned to the secure environment without delay and are not left in unatte...
TECHNICAL AND ORGANISATIONAL MEASURES. 7.1. Taking into account the state of the art, the cost of implementation, and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organisational
(a) the pseudonymisation and encryption of personal data, especially during the transfer and storage of such data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
7.2. The Processor declares and warrants that it has a Business Continuity / Disaster Recovery Plan, which allows the continuity of all the means required for the provision of the services of the Agreement and their uninterrupted and unobstructed provision to the Cyprus Energy Regulatory Authority and the availability of personal data.
7.2.1. Periodically update and test the above Business Continuity / Disaster Recovery Plan, in accordance with industry best practices;
7.2.2. Inform the Data Protection Officer of the Cyprus Energy Regulatory Authority without delay of any development, which may substantially affect its ability to carry out the processing effectively and in accordance with the Legislative Framework;
7.2.3. Inform the Data Protection Officer of the Cyprus Energy Regulatory Authority for any event of its inability to provide services, without delay from the occurrence of the event and immediately after its completion, unless otherwise specified in the Data Processing Addendum.
7.3. The Processor is obliged, when assessing the appropriate level of security of Processing, to take into account in particular the risks from such processing and especially from the personal data breach.
7.4. The technical and organisational measures governing any processing are specified in the relevant Data Processing Addendum.
TECHNICAL AND ORGANISATIONAL MEASURES shall implement and maintain, at its cost and expense, the technical and organisational measures:
TECHNICAL AND ORGANISATIONAL MEASURES. Axis has implemented the technical and organisational measures set out in the Security Annex to ensure a level of security appropriate to the risks for rights and freedoms of natural persons posed by Axis’ processing operations. Data Controller hereby confirms and approves that the measures described in the Security Annex are appropriate for Axis’ processing of personal data under GDPR. Axis shall ensure that only persons that need access to personal data in order to fulfil their work tasks as part of the Services have access to personal data, and that such persons are subject to appropriate confidentiality undertakings.
TECHNICAL AND ORGANISATIONAL MEASURES. The Supplier shall, taking into account the state of technical development and the nature of Processing, implement and maintain appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful Processing, destruction or accidental loss, alteration, or unauthorised disclosure of the Personal Data.
TECHNICAL AND ORGANISATIONAL MEASURES. (1) Before the commencement of processing, the Supplier shall document the execution of the necessary Technical and Organisational Measures, set out in advance of the awarding of the Order or Contract, specifically with regard to the detailed execution of the contract, and shall present these documented measures to the Client for inspection. Upon acceptance by the Client, the documented measures become the foundation of the contract. Insofar as the inspection/audit by the Client shows the need for amendments, such amendments shall be implemented by mutual agreement.
(2) The Supplier shall establish the security in accordance with Article 28 Paragraph 3 Point c, and Article 32 GDPR in particular in conjunction with Article 5 Paragraph 1, and Paragraph 2 GDPR. The measures to be taken are measures of data security and measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of processing as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 Paragraph 1 GDPR must be taken into account. [Details in Appendix 1]
(3) The Technical and Organisational Measures are subject to technical progress and further development. In this respect, it is permissible for the Supplier to implement alternative adequate measures. In so doing, the security level of the defined measures must not be reduced. Substantial changes must be documented.
TECHNICAL AND ORGANISATIONAL MEASURES. 4.1 The Supplier shall implement and maintain, at its cost and expense, appropriate technical and organisational measures in relation to the processing of Protected Data by the Supplier:
4.1.1 such that the processing will meet the requirements of Data Protection Laws and ensure the protection of the rights of Data Subjects;
4.1.2 so as to ensure a level of security in respect of Protected Data processed by it that is appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed; and
4.1.3 without prejudice to clause 6.1, insofar as is possible, to assist the Charity in the fulfilment of the Charity’s obligations to respond to Data Subject Requests relating to Protected Data.
4.2 Without prejudice to clause 4.1, the Supplier shall, in respect of the Protected Data processed by it under this Agreement comply with the requirements regarding security of processing set out in Data Protection Laws (as applicable to Data Processors), all relevant Charity Policies and this Agreement.
TECHNICAL AND ORGANISATIONAL MEASURES. 7.1. Shireburn shall ensure that its processing of Client Data, including Personal Data, shall be undertaken in line with the Technical and Organisational Measures defined at ▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇, aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, such measures being appropriate to the risks involved.
7.2. It is agreed that modifications to these Technical and Organisational Measures can be effected by Shireburn publishing the modified measures at ▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇ giving the client ten (10) days’ notice in accordance with clause 16 of this Agreement.
TECHNICAL AND ORGANISATIONAL MEASURES. (1) The Contractor undertakes towards the Customer to comply with the technical and organisational measures required to comply with the applicable data protection regulations. This includes in particular the provisions of Art. 32
TECHNICAL AND ORGANISATIONAL MEASURES. Data importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Security Documentation applicable to the specific Services purchased by data exporter, and accessible as made reasonably available by data importer. Data Importer will not materially decrease the overall security of the Services during a subscription term. Data Subject Requests shall be handled in accordance with section 3 of the DPA.