1. Information Security:
This information security document describes the data protection and security measures that SDS implements, supports and maintains in order to protect customer Protected Data and train personnel on information security and compliance. SDS:
- a. implements and maintains industry standard physical, administrative and technological measures to protect 1) customer's Personal Data that SDS processes in connection with the Services from security incidents and 2) SDS's computing systems from unauthorised use and access;
- b. continually reviews and revises its measures to address new or ongoing risks to comply with industry standards, legal requirements and best practices;
- c. cooperates with Customers to mitigate risk and reduce the impact of any 1) unauthorised access to SDS's computer systems or 2) unauthorised use of Protected Data; and
- d. requires its personnel to receive training on information security requirements.
2. General Requirements
- a. Security Program: SDS's security program is based on internal policies regarding information security, data handling and security practices which are made up of applicable laws, industry best practices and regulations.
- b. Security Review:
- 1. SDS regularly reviews and assesses the security of its premises, computing environment, software and information handling processes.
- 2. SDS reviews its security program to ensure that it operates effectively, is compliant with applicable laws and regulations, and addresses any new risks.
- 3. SDS ensures that any third parties providing a Service to or via SDS comply with appropriate measures and applicable laws to safeguard Protected Data.
SDS regularly requires its employees to undertake information security training and awareness and may impose disciplinary measures for employees who violate any of SDS's information security policies.
SDS requires employees to use secure passwords for accessing systems which may contain Protected Data. Passwords must be updated regularly, and employees may not reuse previously used passwords.
4. Data Protection
- a. SDS implements industry standard security measures to prevent unauthorised access to its premises and electronic systems that process Customer's Protected Data in the performance of the Services.
- (i) SDS complies with applicable laws and regulations concerning confidentiality, security and processing of any Protected Data that it receives from Customer, including the General Data Protection Regulation 2016/679 (GDPR), the EU Standard Contractual Clauses and the California Consumer Privacy Act of 2018 (CCPA), where applicable.
- b. Storage, Backup and Deletion
- (ii) SDS regularly backs up systems used to provide Services to Customers to ensure data is available. Backups, including hard copy records, are appropriately protected to ensure only authorised individuals are able to access the Protected Data.
5. Customer Access and Review
Upon reasonable prior written notice by Customer, subject to SDS's confidentiality and security conditions and a mutually agreed NDA applicable to an audit and pursuant to the agreement between SDS and Customer that governs rights to access or related audit clauses, SDS shall make its security policies and procedures available where such information is related to Customer's Protected Data, for Customer's review.