Data Protection Measures

TECHNICAL AND ORGANIZATIONAL DATA PROTECTION MEASURES

  1. ACCESS CONTROL (PHYSICAL SECURITY MEASURES ARE REQUIRED)

    Which technical and organizational measures are in place in order to control physical access to the Data Processor’s premises and to identify authorized persons?

    • Applicable Scope: IS03 Access Control Policy
      • Summary: The purpose of this policy is to ensure that both logical and physical access to information and systems is controlled and procedures are in place to ensure the protection of information systems and data.
    • Applicable Scope: IS37 Physical and Environmental Infrastructure procedure
      • Summary: These procedures define the requirements to ensure that Columbus Global UK Ltd.’s critical or sensitive information processing facilities are in secure areas and protected by a defined secure perimeter. Appropriate security and controls (both physical and logical) provide protection against unauthorized access or damage to information available within processing facilities.

  2. CONTROLLED ADMITTANCE (UNAUTHORIZED PERSONS ACCESSING DATA PROCESSING SYSTEMS MUST BE PREVENTED)

    Which measures are in place with regard to user identification and authentication technically (password protection) and organizationally (user master record)?

    • Applicable Scope: IT-COL-P3 Password Policy
      • Summary: The purpose of this policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.
    • Applicable Scope: IS03 Access Control Policy
      • Summary: The purpose of this policy is to ensure that both logical and physical access to information and systems is controlled and procedures are in place to ensure the protection of information systems and data.

  3. ACCESS CONTROL (UNAUTHORIZED WORK IN DATA PROCESSING SYSTEMS BEYOND THE GRANTED AUTHORITIES MUST BE PREVENTED)

    Are the authorization concept and the access rights adjusted to the requirements? How is monitoring and logging ensured?

    • Applicable Scope: IS03 Access Control Policy
      • Summary: The purpose of this policy is to ensure that both logical and physical access to information and systems is controlled and procedures are in place to ensure the protection of information systems and data. This policy applies throughout the information lifecycle from acquisition / creation, through to utilization, storage and disposal.
      • The full IS03 Policy is available upon request.
    • Applicable Scope: IS02 Acceptable Use Policy
      • Summary: The purpose of this policy is to establish how Columbus Global UK Ltd.’s IT facilities and resources must be used by

  4. DISCLOSURE CONTROL (ANY AND ALL ASPECTS OF THE TRANSMISSION OF PERSONAL DATA: ELECTRONIC TRANSMISSION, DATA TRANSPORT, TRANSMISSION CONTROL)

    Which security measures are in place for the transport, transfer and transmission and storage on data storage devices (whether manual or electronic) as well as for the subsequent inspection?

    • Applicable Scope: IS07 Encryption Policy
      • Summary: The purpose of this policy is to detail the specification and deployment of data encryption software for the protection of electronic information held by Columbus; describe how encryption will be used and applied to devices; and provide guidance on the responsibilities associated with the use of encrypted devices. It covers all electronic data and details the types of devices which are acceptable for the storage or transmission of data.

  5. INPUT CONTROL (TRACEABILITY, DOCUMENTATION OF DATA ADMINISTRATION AND MAINTENANCE)

    Which measures are in place for a subsequent inspection, if and by whom data have been entered, amended or removed (deleted)?

    • Applicable Scope: IS13 Operational Management Policy
      • Summary: The purpose of this policy is to detail the change and operational management for the correct and secure use of Columbus’ information processing facilities.

  6. CONTROL OF INSTRUCTIONS (WARRANTY THAT THE CONTRACT DATA PROCESSING COMPLIES WITH THE INSTRUCTIONS)

    Which measures are in place to differentiate between the competences of the Data Controller and the Data Processor?

    • The Contract Variation (and Appendices 1, 2 and 3) governs this requirement.

  7. AVAILABILITY CONTROL (DATA SHALL BE PROTECTED AGAINST ACCIDENTAL DESTRUCTION OR LOSS)

    Which measures are in place for data protection (physically/logically)?

    • Applicable Scope: IS37 Physical and Environmental Infrastructure procedure
      • Summary: These procedures define the requirements to ensure that Columbus Global UK Ltd.’s critical or sensitive information processing facilities are in secure areas and protected by a defined secure perimeter. Appropriate security and controls provide protection against unauthorized access or damage to information available within processing facilities.
    • Applicable Scope: IS09 Information Backup and Restore Policy
      • Summary: The purpose of this policy is to identify and establish processes, procedures and good working practices for the backup and timely recovery of Columbus Global UK Ltd.’s important information and data existing in both electronic and physical form.
      • The full IS09 Policy is available upon request.

  8. SEPARATION CONTROL (DATA COLLECTED FOR DIFFERENT PURPOSES SHALL BE PROCESSED SEPARATELY)

    Which measures are in place for a separate data processing (storing, alteration, deletion, transmission) of data with different contract purposes?

    • Applicable Scope: IS32 Information Systems Development and Maintenance Procedure
      • Summary: The purpose of these procedures is to ensure that security of information and systems is given due importance during all phases of the systems development lifecycle, including decommission.

All the policies and procedures mentioned above are available on request.