TECHNICAL AND ORGANISATIONAL MEASURES

The table below has three columns: TRANSFER SECURITY MEASURES, GENERAL DESCRIPTION and IMPLEMENTED MEASURES. Each row is set out as one block.

TRANSFER SECURITY MEASURE: Measures of pseudonymisation and encryption of Personal Data
GENERAL DESCRIPTION: Pseudonymization – Measures that enable one to process personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately, and is subject to appropriate technical and organizational measures.
IMPLEMENTED MEASURES:
• Standardized Information Gathering (SIG) Questionnaire
• SOC2
GENERAL DESCRIPTION: Encryption – Measures that enable one to convert clearly legible information into an illegible string by means of a cryptographic process.
IMPLEMENTED MEASURES:
• SIG
• SOC2
• PCI Compliance Letter
• Cloud Controls Matrix (CCM)

TRANSFER SECURITY MEASURE: Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
GENERAL DESCRIPTION: Confidentiality – Measures ensuring that information is accessed only by an authorized person and that prevent the intrusion by unauthorised persons into systems and applications used for the processing of personal data.
IMPLEMENTED MEASURES:
• SIG
GENERAL DESCRIPTION: Integrity – Measures ensuring that personal data cannot be read, copied, modified or removed without authorization during electronic transmission or transport, and that it is possible to check and establish whether and by whom personal data have been input into data processing systems, modified or removed.
IMPLEMENTED MEASURES:
• SIG
GENERAL DESCRIPTION: Availability and resilience – Measures that ensure that personal data is protected from accidental destruction or loss due to internal or external influences, and ensure the ability to withstand attacks or to quickly restore systems to working order after an attack.
IMPLEMENTED MEASURES:
• SOC2

TRANSFER SECURITY MEASURE: Measures for ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident
GENERAL DESCRIPTION: Measures that ensure the possibility to quickly restore the system or data in the event of a physical or technical incident.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
GENERAL DESCRIPTION: Measures that ensure the regular review and assessment of security measures.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Measures for user identification and authorisation
GENERAL DESCRIPTION: Measures to validate and authenticate users.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Measures for the protection of Personal Data during transmission
GENERAL DESCRIPTION: Measures ensuring transmission control to ensure that personal data cannot be read, copied, changed or deleted without authorization during their transfer and that it can be monitored and determined to which recipients a transfer of data is intended.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Measures for the protection of Personal Data during storage
GENERAL DESCRIPTION: Measures ensuring transmission control to ensure that personal data cannot be read, copied, changed or deleted without authorization while stored on data media.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Measures for ensuring physical security of locations at which Personal Data are processed
GENERAL DESCRIPTION: Measures for entry control, especially regarding legitimation of authorized persons.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Measures for ensuring events logging
GENERAL DESCRIPTION: Measures for ensuring the verifiability of event log files.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Measures for ensuring system configuration, including default configuration
GENERAL DESCRIPTION: Measures to ensure that all in-scope systems and devices are compliant with baseline configuration settings.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Measures for internal IT and IT security governance and management
GENERAL DESCRIPTION: (none given)
IMPLEMENTED MEASURES:
• Data Protection Officer

TRANSFER SECURITY MEASURE: Measures for certification/assurance of processes and products
GENERAL DESCRIPTION: Certifications.
IMPLEMENTED MEASURES:
• SOC1

TRANSFER SECURITY MEASURE: Measures for ensuring Personal Data minimisation
GENERAL DESCRIPTION: Measures to reduce the amount of data collected.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Measures for ensuring Personal Data quality
GENERAL DESCRIPTION: Measures to ensure that the data pipeline creates and sustains good data quality.
IMPLEMENTED MEASURES:
• SIG

TRANSFER SECURITY MEASURE: Measures for ensuring limited data retention
GENERAL DESCRIPTION: Data retention.
IMPLEMENTED MEASURES:
• SIG
• Privacy and Data Compliance Tool User’s Guide

TRANSFER SECURITY MEASURE: Measures for ensuring accountability
GENERAL DESCRIPTION: Businesses must maintain certain records of the personal data that they process.
IMPLEMENTED MEASURES:
• SOC2

TRANSFER SECURITY MEASURE: Measures for allowing erasure
GENERAL DESCRIPTION: (none given)
IMPLEMENTED MEASURES:
• Privacy and Data Compliance Tool User’s Guide