Technical and Organizational Measures
The contractor takes the following technical and organizational measures to ensure data security within the meaning of Art. 32 GDPR.
1. Pseudonymization and Encryption
- HTTPS encryption in web communication
- Pseudonymization before permitted statistical evaluation
2. Ability to ensure the ongoing confidentiality, integrity, availability and resilience of the systems and services related to the processing
- Access to systems only with individual usernames and passwords
- Authorized persons can only access data authorized for them
- Stored personal data can only be read, copied, changed or removed within the framework of the concept
- Current virus software
- Protection of email traffic
- Firewall
- Separation of the productive, test and development environment
- Resilience through scalability
- Obligation of employees to data secrecy
- Training of employees
- Password Assignment Policy
- Password Policy
- Authorization control
- Access logs
- No access for unauthorized persons
- Access controlled by employees during business hours
- Each office with PC system can be locked individually
- Secure disk erasure
- Ban on the use of private data carriers
- Central rights and assignment management for jobs
- Regulations for working from home
- Fire extinguishers and smoke detectors
- Data Center:
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf
3. Ability to quickly restore the availability of and access to personal data in the event of a physical or technical incident
- Data backup and mirroring
- Backups
- Special physical protection of the data in the data center
4. Procedures for regularly checking, assessing and evaluating the effectiveness of the technical and organizational measures of processing
- Regular review of the necessity of access rights
- Key and access rights assignment control
- Test reports
Published under:
Technical and organizational measures of the contractor
www.fitness-nation.com/support/tom.html