Technical Security Measures Clause Samples

Technical Security Measures. 1.1 Delightex carries out regularly - and at least annually - an assessment of whether procedures, policies and records of processing activities must be updated. 1.2 Delightex has installed an antivirus program that is continuously updated for the systems and databases used to process personal data. 1.3 Delightex has ensured that external access to systems and databases used for processing personal data happens through secured firewall. 1.4 Delightex’ internal network is segmented in order to ensure limited access to systems and databases used to process personal data. 1.5 Delightex has ensured that access to personal data is isolated to users with a work-related need. 1.6 Delightex's systems and databases used for processing personal data are established with system monitoring with alarm. 1.7 Delightex uses effective encryption for the transmission of confidential and sensitive personal data via the internet and by email. 1.8 Delightex logs changes made by system administrators, changes in log settings, including the deactivation of logging, changes in system users permissions and failed attempts to login to Delightex's systems, databases and networks. 1.9 Delightex has ensured that implemented technical security measures are being tested continuously by the use of vulnerability scans and penetration tests. 1.10 Changes to systems, databases and network follow procedures that ensure maintenance with relevant updates and patches, including security patches. 1.11 Delightex has formalized procedures for the assignment and revocation of user access to personal data, after which user access is reassessed regularly, including whether rights can still be justified by a work-related need.

Technical Security Measures. 2.2. 技術的なセキュリティ対策 2.2.1. ACCESS ADMINISTRATION. Access to the Subscription Service by ServiceNow employees and contractors is protected by authentication and authorization mechanisms. User authentication is required to gain access to production and sub-production instances. Access privileges are based on job requirements and are revoked upon termination of employment or consulting relationships. Production infrastructure includes appropriate user account and password controls (e.g., the required use of VPN connections, complex passwords with expiration dates, and a two-factored authenticated connection) and is accessible for administration. 2.2.1. アクセス管理 ServiceNow の従業員および請負人によるサブスクリプション・サービスに対するアクセスは、認証および承認メカニズムにより保護されます。本番環境および準本番環境インスタンスへのアクセスにはユーザー認証が要求されます。アクセス特権は、業務上の必要性に応じ与えられ、雇用または委託関係の終了時に無効化します。本番環境は、適切なユーザーアカウントおよびパスワードコン トロール（例：VPN 接続、期✲付複雑パスワード、二要素認証接続の必須使用）を用いて管理目的でア クセス可能です。

Technical Security Measures. (a) Access Administration. Access to the Subscription Service by ServiceNow employees and contractors is protected by authentication and authorization mechanisms. User authentication is required to gain access to production and sub-production systems. Access privileges are based on job requirements and are revoked upon termination of employment or consulting relationship. Production infrastructure includes appropriate user account and password controls (for example, the required use of virtual private network connections, complex passwords with expiration dates, and a two-factored authenticated connection) and is accessible for administration.

Technical Security Measures. 2.2.1 ACCESS ADMINISTRATION. Access to the Connected Operations Product by ServiceNow employees and contractors is protected by authentication and authorization mechanisms. User authentication is required to gain access to the Connected Operations Product. Access privileges are based on job requirements and are revoked upon termination of employment or consulting relationships. Production infrastructure includes appropriate user account and password controls (e.g., complex passwords with expiration dates, and a two-factored authenticated connection) and is accessible for administration.

Technical Security Measures. Supplier shall throughout its Processing of Everest Group Personal Data: 3.1. perform vulnerability scanning and assessments on applications and infrastructure used to Process Everest Group Personal Data. 3.2. secure its computer networks using multiple layers of access controls to protect against unauthorized access. 3.3. restrict access through mechanisms such as, but not limited to, management approvals, robust controls, logging, and monitoring access events and subsequent audits. 3.4. identify computer systems and applications that warrant security event monitoring and logging, and reasonably maintain and analyze log files. 3.5. use up-to-date, industry standard, commercial virus/malware scanning software that identifies malicious code on all of its systems that Process Everest Group Personal Data. 3.6. encrypt Everest Group Personal Data in transit. 3.7. encrypt Everest Group Personal Data at rest and solely manage and secure all encryption keys (i.e., no other third party shall have access to these encryption keys, including Sub-processors). 3.8. pseudonymizes personal data only in accordance with Everest Group’s instructions. 3.9. ensures data minimisation in accordance with its instructions from Everest Group, data privacy policies and industry standards.

Technical Security Measures. 2.2.1. ACCESS ADMINISTRATION. Access to the Subscription Service by Kensu employees and contractors is protected by authentication and authorization mechanisms. User authentication is required to gain access to production and sub-production instances. Access privileges are based on job requirements and are revoked upon termination of employment or consulting relationships. Production infrastructure includes appropriate user account and password controls (e.g., the required use of VPN connections, complex passwords with expiration dates, and a two-factored authenticated connection) and is accessible for administration.

Technical Security Measures. 11.3.1 That it has implemented safeguards to protect their computer network against accidental, unlawful or unauthorized usage, any interference which will affect data integrity or hinder the functioning or availability of the system, and unauthorized access through an electronic network; 11.3.2 That it has the ability to ensure and maintain the confidentiality, integrity, availability, and resilience of their processing systems and services; 11.3.3 That it performs regular monitoring for security breaches, and a process both for identifying and accessing reasonably foreseeable vulnerabilities in their computer networks, and for taking preventive, corrective, and mitigating action against security incidents that can lead to a personal data breach; 11.3.4 That it has the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; 11.3.5 That it has a process for regularly testing, assessing, and evaluating the effectiveness of security measures; 11.3.6 That it encrypts personal data during storage and while in transit, authentication process, and it has implemented other technical security measures that control and limit access.

Technical Security Measures. That it has implemented safeguards to protect their computer network against accidental, unlawful or unauthorized usage, any interference which will affect data integrity or hinder the functioning or availability of the system, and unauthorized access through an electronic network; That it has the ability to ensure and maintain the confidentiality, integrity, availability, and resilience of their processing systems and services; That it performs regular monitoring for security breaches, and a process both for identifying and accessing reasonably foreseeable vulnerabilities in their computer networks, and for taking preventive, corrective, and mitigating action against security incidents that can lead to a personal data breach; That it has the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; That it has a process for regularly testing, assessing, and evaluating the effectiveness of security measures; That it encrypts personal data during storage and while in transit, authentication process, and it has implemented other technical security measures that control and limit access. Compliance with FIRST PARTY’s IT Policies and Procedures SECOND PARTY undertakes to comply with the following IT policies and procedures of FIRST PARTY, which are hereby incorporated by reference into this Data Outsourcing Agreement, as applicable. Example: Physical Security Policy Back-up Policy Access Management Change Management Intrusion Detection and Prevention Policy including any amendments, modifications, or supplement to these policies and procedures, duly notified in writing to SECOND PARTY from time to time. FIRST PARTY may also notify SECOND PARTY in writing of additional IT policies and procedures, in which case, it shall allow SECOND PARTY a reasonable period to comply with the same. SECOND PARTY agrees to irrevocably, unconditionally, and fully indemnify and hold FIRST PARTY, its officers, employees, and agents, free and harmless from and against any and all claims, suits, actions or demands or losses, damages, costs and expenses including, without limiting the generality of the foregoing, attorney’s fees and costs of suit that FIRST PARTY may face, suffer or incur by reason or in respect of: SECOND PARTY’s or its sub-contractor’s breach of any of the warranties and obligations set forth in this Agreement, regardless of the cause of such breach; or Any act, omission or negligence of SECO...

Technical Security Measures. Management of access and credentials Firewall