Page 92 - Cyber Warnings
The Data Importer is obligated to ensure that:
• It has implemented the information security controls such as policies, practices,
procedures and organizational structures to adequately protect the confidentiality,
integrity and availability of its own data and the data of its data exporter
• The IT, technology and outsourcing services which it provides to the data exporter
are adequately secure and reliable
• It processes the personal data only on behalf of the data exporter and in compliance
with its instructions and contractual clauses
• If, for any reason, it cannot provide such promised levels of compliance, it shall
promptly inform the data exporter of its inability to comply, in which case the data
exporter is entitled to suspend the transfer of data and/or even terminate the service
agreement (contract)
• It shall promptly inform the data exporter of legislation-related changes as
soon as it becomes aware of them, in which case the data exporter is entitled to suspend the
transfer of data and/or even terminate the service agreement (contract)
• It can provide at least the following (contractually agreed) technical and
organizational standards and measures:
    Acceptable Use
    Access Management
    Anti-Malware
    Data Management and Data Protection
    End User Computing
    Application Security
    Licensing
    IT Performance, Risk and Compliance
    Logging and Monitoring
    Mobile Devices Security
    Cloud Computing and Storage
    Patching
    Remote Access Security
    Third-Party Management
    Vulnerability Management and Penetration Testing
    Web Application Security Testing
to be able to provide reasonable assurance to the data exporter
• It shall securely maintain the records of its data processing activities
92 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide