Technical and Organisational Security Measures Clause Samples

Technical and Organisational Security Measures. The Supplier shall implement and maintain the following technical and organisational security measures to protect the Protected Data:

Technical and Organisational Security Measures. 3.1 AuditBoard will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of Personal Data, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data as outlined in Security Policy. 3.2 AuditBoard shall require screening of its personnel who may have access to Personal Data and shall require such personnel (i) to Process Personal Data in accordance with Customer’s instructions as set forth in this DPA, (ii) to receive appropriate training on their responsibilities regarding the handling and safeguarding of Personal Data; and

Technical and Organisational Security Measures. Policies and Procedures: IPSX has a comprehensive suite of policies relating to the assessment, development and implementation of controls that secure information and protect Personal Data. These include policies on IT and Information Security, Business Continuity, and Risk Management. All policies are subject to regular review. • Physical access: IPSX has robust measures in place in relation to matters such as office security and the disposal of material and devices.

Technical and Organisational Security Measures. 6.1.1 The Processor is responsible for implementing necessary technical and organisational measures to ensure an appropriate security level. The measures must be implemented with due regard to the current state of the art, costs of implementation and the nature, scope, context and purposes of the processing and the risk of varying likelihood and sever- ity to the rights and freedoms of natural persons. The Processor shall take the category of Personal data described in appendix 1 into consideration in the determination of such measures. 6.1.2 Processor has implemented the technical and organisational security measures as speci- fied in appendix 2 to this Agreement. 6.1.3 The Processor shall implement the suitable technical and organisational measures in such a manner that the processing by the Processor of Personal data meets the requirements of the applicable Personal data regulation. 6.1.4 Should the Processor implement any new technical or organizational security measures in the meaning of this Article, especially in connection with improvement and development of the Primary Service, technical progress and development of technical and organizational security measures, changes in the organization of the Processor, changes in any applica- ble law etc., the specification in the appendix 2 will be updated if necessary. Any change in the technical or organizational security measures must not reduce the level of technical or organizational security measures as specified at the date of signature of this Agreement. 6.1.5 The Parties agree that the provided safeguards and all technical and organisational measures to ensure an appropriate security level of Personal data as specified in appendix 2 are adequate at the date of conclusion of this Agreement.

Technical and Organisational Security Measures. Each Party will ensure that it has appropriate technical and organisational measures in place to reasonably ensure that the security, confidentiality, integrity, availability and resilience of Processing systems and services involved in the Processing of any Personal Data are commensurate with the risk in respect of such Personal Data and to guard against any Personal Data Breaches. Each party will periodically (i) test and monitor the effectiveness of its safeguards, controls, systems and procedures and (ii) identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of the Personal Data, and ensure these risks are addressed.

Technical and Organisational Security Measures. The Data Processor shall, taking into consideration the current technical capabilities, im- plementation costs and the nature of the processing in question, its scope, content, and purpose, in addition to the likelihood of risks materialising and their impact on the rights of physical individuals and their rights to freedom, implement appropriate technical and organisational measures to, among other things, prevent the occurrence of:  accidental or illegal destruction, loss, or change  unauthorised transfer, access or misuse 6.1 The Data Processor must be able to demonstrate to the Data Controller that the Data Processor has the necessary technical and organisational security measures in place. The Parties agree that the guarantees stated in Appendix 3 are sufficient at the moment of entering into this Data Processing Agreement. 6.2 Without undue delay and no later than 24 hours after the Data Processor has become aware of a security breach, the Data Processor shall notify the Data Controller in writing of this. This notification shall, at a minimum, and to the extent possible in light of the nature of the incident, include the following: 1) information on the nature of the found security breach, 2) what categories of registered individuals is affected by it, and 3) an approximate number of the affected registered individuals, including categories of com- prehensive personal data and the number of these in addition to what preventive or miti- gating measures the Data Processor has implemented as a result of the found security breach. 6.3 Upon written request, the records must be made available to the Data Controller or the supervising authorities.

Technical and Organisational Security Measures. 4.1. Stack will implement appropriate technical and organisational security measures appropriate to the risks that are presented by the processing of Personal Data, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data as set out in Appendix 4. 4.2. Stack will take reasonable steps to ensure that only authorised personnel have access to Personal Data and that any persons whom it authorises to access the Personal Data are under obligations of confidentiality. 4.3. Stack may arrange for a qualified and independent assessor to conduct an assessment of ▇▇▇▇▇’s policies and technical and organisational measures using an appropriate and accepted control standard or framework and assessment procedure for such assessments. Stack shall provide a report of such assessment to Customer upon written request.

Technical and Organisational Security Measures. Description of the technical and organisational measures implemented by the processor(s) / data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Measure Description Measures of pseudonymisation and encryption of personal data Company warrants and represents that the Measures are in place and shall remain in place for the duration of the processing. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing

Technical and Organisational Security Measures. HotelFlex maintains internal policies and procedures, or procures that its Subprocessors do so, which are designed to: