Technical and organisational precautions Sample Clauses

The 'Technical and organisational precautions' clause defines the requirement for parties to implement appropriate measures to protect data or information from unauthorized access, loss, or misuse. In practice, this clause typically obligates organizations to use safeguards such as encryption, secure access controls, regular security assessments, and staff training to ensure data security. Its core function is to mitigate risks related to data breaches and ensure compliance with relevant data protection laws, thereby protecting both parties from potential legal and reputational harm.
Technical and organisational precautions. The Data Processor must, as a minimum, take the technical and organisational steps described below in connection with the processing of personal data covered by the Data Processing Agreement. If more detailed technical and organisational steps are necessary to ensure compliance with clause 4 of the Data Processing Agreement, these steps must always be taken.
View SourceView Similar (6)
Technical and organisational precautions. The Data Processor must, as a minimum, take the technical and organisational steps described below in connection with the processing of personal data covered by the Data Processing Agreement. If more detailed technical and organisational steps are necessary to ensure compliance with clause 4 of the Data Processing Agreement, these steps must always be taken. The Data Processor must take the measures necessary to identify, evaluate and limit any reasonably foreseeable internal and external risks to the availability, confidentiality or integrity of all personal data covered by the Data Processing Agreement. The Data Processor must take appropriate technical steps to limit the risk of any unauthorised access. The Data Processor must evaluate and improve the effectiveness of these precautions when necessary. The Data Processor must document identified risks, as well as when a risk is reduced to an acceptable level. The above obligation involves the Data Processor carrying out a risk evaluation followed by measures to counter identified risks. This could include any relevant measures from the following list: Pseudonymisation and encryption of personal data Capability to ensure continued confidentiality, integrity, availability and resilience of processing systems and services Capability to correctly re-establish availability of and access to personal data in the case of a physical or technical incident A procedure for regular trial, assessment and evaluation of the effectiveness of the technical and organisational measures for ensuring security of processing. The Data Processor must have formal procedures for handling security incidents. The Data Processor must be able to document which employees are authorised to access personal data processed under the Data Processing Agreement. Output data materials are covered by the same instructions as input data materials, with the following addition: Output data may only be used by persons who are engaged in purposes for which the personal data is being processed, as well as for auditing, technical maintenance, operational monitoring and corrective measures etc. There must be a register of the mobile storage units used in connection with data processing. The Data Processor must regularly check that backups are readable. This must include a perspective of preparedness – for example, for significant changes in a system’s technical set-up.
View Source

Related to Technical and organisational precautions

  • Technical and Organisational Measures The Supplier shall, taking into account the state of technical development and the nature of Processing, implement and maintain appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful Processing, destruction or accidental loss, alteration, or unauthorised disclosure of the Personal Data.

  • Technical and Organizational Measures The following sections define SAP’s current technical and organizational measures. SAP may change these at any time without notice so long as it maintains a comparable or better level of security. Individual measures may be replaced by new measures that serve the same purpose without diminishing the security level protecting Personal Data.

  • Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means. 2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable). 3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically. 4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.

  • Certification Regarding Business with Certain Countries and Organizations Pursuant to Subchapter F, Chapter 2252, Texas Government Code, PROVIDER certifies it is not engaged in business with Iran, Sudan, or a foreign terrorist organization. PROVIDER acknowledges this Purchase Order may be terminated if this certification is or becomes inaccurate.

  • SAFETY PRECAUTIONS AND PROGRAMS The Contractor shall be responsible for initiating, maintaining and supervising all safety precautions and programs in connection with the Work.