/Docs/G/Org-JLINC-SISA/Form/0.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=Security.Sec): Visual Print Technical: OpenParameters Xray
SECURITY
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, without prejudice to any other security standards agreed upon by the Parties, the Data Custodian shall implement appropriate technical and organizational measures to ensure a level of security of the processing of Personal Data appropriate to the risk. These measures shall include as appropriate:
  1. measures to ensure that the Personal Data can be accessed only by authorized personnel;
  2. In assessing the appropriate level of security account shall be taken in particular of all the risks that are presented by processing, for example from accidental or unlawful destruction, loss, or alteration, unauthorized or unlawful storage, processing, access or disclosure of Personal Data;
  3. the pseudonymization and encryption of personal data;
  4. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  5. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  6. a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Personal Data;
  7. measures to identify vulnerabilities with regard to the processing of Personal Data in systems used to provide services to the Data Custodian.
The Data Custodian shall at all times have in place an appropriate written security policy, with procedures and systems to give effect to that policy, with respect to the processing of Personal Data.