Schedule 3: Security Measures

 

FADEL will implement and maintain the following Security Measures to adequately protect Customer’s Personal Data. Customer understands and agrees that these Security Measures are subject to technical progress and development and FADEL is therefore expressly allowed to implement adequate alternative measures as long as the general security level described in this Schedule 3 is maintained:

 1.        Technical measures

    1.1.    Access control. FADEL shall prevent unauthorized access to data processing systems. Personnel shall only have access to Customer data when it’s necessary for them to perform their job. Customer data shall not be read, copied, modified or deleted without authorization.

    1.2.    Entry control. FADEL shall prevent data processing systems from being accessed by unauthorized parties.

    1.3.    Logging control. FADEL shall ensure that all events in the data processing systems can subsequently be checked.

    1.4.    Transmission control. FADEL shall ensure that Personal Data cannot be read, copied, altered or removed without authorization during electronic transmission.

    1.5.    Data at rest. FADEL shall ensure the appropriate encryption of data at rest.

    1.6.    Separation control. FADEL shall ensure that data collected for various purposes are processed separately.

    1.7.    Reliability control. FADEL shall ensure that all functions of the data processing system are available and that any malfunctions that occur are reported.

    1.8.    Integrity control. FADEL shall ensure that stored Personal Data cannot be damaged by malfunctions of the system or that damaged data can be replaced by the original and correct data.

    1.9.    Availability control. FADEL shall ensure that Personal Data is protected against unintentional destruction or loss and therefore available for the Customer.

 2.        Organizational measures

    2.1.    Admission Control. FADEL shall prevent unauthorized persons from gaining access to FADEL premises.

    2.2.    Security and awareness training. FADEL shall maintain a security awareness program that includes the appropriate training of personnel on FADEL’s security policies.

    2.3.    Personnel screening. Criminal background checks shall be performed for all employees before hiring. Additionally, FADEL will ensure that all employees have executed written confidentiality agreements.

    2.4.    Information security management process. FADEL shall maintain an SOC 2 Type II certified information security management system.

    2.5.    Business continuity management process. FADEL shall maintain a business continuity management system that defines the processes and procedures in the event of a disaster, including the testing and reviewing of the disaster recovery plans.

    2.6.    Regular evaluation of Security Measures. FADEL shall ensure a process for regular testing, assessing and evaluating the effectiveness of technical and organizational measures to ensure a level of security appropriate to the risk of processing.

 3.        Third Party Certifications

    3.1.    FADEL currently holds and maintains the following certifications:

     SOC 1 Type II

     SOC 2 Type I

     SOC 2 Type II

 

 

Oct 10, 2022