Legal Center

Schedule A: Technical & Organizational Security Measures

 

last updated October 11, 2021

 

(Also Annex II under SCCs if applicable)

Technical and organizational security measures implemented by TrustArc in relation to processing under this Agreement.

Please see our Safeguards for Cross-Border Transfers.

1. Physical Access Controls. TrustArc will take reasonable measures to prevent physical access, such as security personnel and secured buildings, to prevent unauthorized persons from gaining access to personal data.

2. System Access Controls. TrustArc will take reasonable measures to prevent personal data from being accessed and/or used without authorization. These controls shall vary based on the nature of the processing and will include at minimum authentication via password protection, documented authorization processes, documented change management processes, and logging of access of the data.

3. Data Access Controls. TrustArc will take reasonable measures to ensure that personal data is only accessible and manageable by properly authorized staff, and access rights to and within data processing systems are established and enforced to ensure that only authorized persons can access the data processing systems and the data within that they have the authorization to access.

4. Transmission Controls. TrustArc will take reasonable measures to ensure transmission of personal data cannot be read, copied, modified, or removed without authorization during electronic transmission or transport.

5. Data Backup. TrustArc will ensure that secured backups are conducted on a regular basis and that personal data are encrypted when stored to protect against accidental destruction or loss when hosted by the TrustArc.

6. Logical Separation. TrustArc will ensure that Customer Data is logically segregated on TrustArc’s systems.