Technical Organizational Measures and Security Sample Clauses

Technical Organizational Measures and Security. 3.1 RWS shall implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing the Personal Data. The parties agree that the security measures as described in Exhibit A are appropriate to protect Personal Data against a Personal Data Breach. That these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the Personal Data to be protected having regard to the state of the art and the cost of their implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. 3.2 RWS shall ensure that any person authorized to process the Personal Data is subject to a strict duty of confidentiality and that they Process the Personal Data only for the purpose of delivering the Services under the Agreement. 3.3 At a minimum, RWS agrees to maintain a recognised standard of security either certified to ISO27001or SOC2 the scope of which contains the Security Measures identified at Exhibit A. The security measures will be reviewed on an annual basis and updated as RWS considers appropriate in order to protect the Personal Data against any new identified internal and external risks. RWS may modify its Security Measures from time to time and at any time, provided, however, that it will not materially reduce the level of protection as provided in this DPA. 3.4 RWS will maintain a Personal Data Breach Incident Response plan which will be reviewed annually.