...
Service Provider will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate:
anonymisation of Personal Data;
measures designed to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and Services and Deliverables;
the ability to restore the availability and access to Client Confidential Information in a timely manner in the event of a physical or technical incident;
a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing;
a process and procedures to monitor and log processing systems for unauthorised changes and other evidence the processing environment has been compromised.
...
The Service Provider will document and monitor compliance with these measures.
Encryption
The Service Provider will use strong encryption methodologies to protect Client Confidential Information transferred over public networks, and will implement whole-disk encryption for all Personal Data at rest. Service Provider will fully document and comply with Service Provider’s key management procedures for crypto keys used for the encryption of Client Confidential Information.
Storage
The Service Provider will retain all Client Confidential Information in a physically and logically secure environment to protect from unauthorised access, modification, theft, misuse and destruction. The Service Provider will utilize platforms to host Client Confidential Information that are configured to conform to industry standard security requirements and will only use hardened platforms that are continuously monitored for unauthorized changes.
Antivirus; Firewall
The Service Provider will utilize antivirus programs that are capable of detecting, removing, and protecting against all known types of malicious or unauthorized software, with antivirus signature updates at least once every day (24 hours). The Service Provider will implement firewalls designed to ensure that all outbound traffic to Client Systems is restricted to only what is necessary to ensure the proper functioning of the Services and Deliverables. All other unnecessary ports and services will be blocked by firewall rules at the Service Provider network.
OWASP
The Service Provider will ensure that it is using industry standards in preventing vulnerabilities, including the OWASP Top 10.
Vulnerability Management
Updates and Patches
Service Provider will establish and maintain mechanisms for vulnerability and patch management that are designed to evaluate application, system, and network device vulnerabilities twice a year and to apply Service Provider-supplied security fixes and patches in a timely manner, taking a risk-based approach to prioritizing critical patches.
...
Notify Client of the Security Incident;
Investigate the Security Incident and provide Client with information about the Security Incident;
Take reasonable steps to mitigate the effects, to remedy and to minimize any damage resulting from the Security Incident.
GDPR and Privacy Compliance
Processing of Personal Data
...