Technical and Organizational Measures
Last Updated October 2020
- General Data Protection regulation (GDPR)
- Data Processing Agreement
- EU Standard Contractual Clauses
- Technical and Organizational Measures
- Data Processing Details
- Sub-Processor List
Security Organization, Risk Analysis and Risk Management
Plannuh’s security organization is headed by the Chief Technology Officer. It works to provide robust information security controls for Plannuh products and environments. Plannuh will perform annual assessments of the compliance of Plannuh security controls with industry standard controls.
Workforce Clearing, Training and Sanctions
All Plannuh personnel are subject to background checks before access to restricted data is permitted. All personnel receive regular security training. Plannuh has adopted policies and procedures to apply workforce sanctions to employees who fail to comply with Plannuh security policies and procedures.
Cloud Data Center – Amazon Web Services runs in data centers managed and operated by Amazon. These geographically dispersed data centers comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability. The data centers are managed, monitored, and administered by AWS operations staff. The operations staff has years of experience in delivering the world’s largest online services with 24 x 7 continuity. For additional information, please refer to: https://aws.amazon.com/compliance/data-center/controls/
Personal Data collected from Data Subjects by Plannuh is protected by encryption, and/or multi-factor authentication. Plannuh will only allow employees and contingent workers with a business purpose to have access to such data if it is required for them to complete their professional duties.
Business Continuity, Disaster Recovery
Plannuh has implemented and documented appropriate business continuity and disaster recovery plans to enable it to continue or resume providing Services in a timely manner after a disruptive event. Plannuh regularly tests and monitors the effectiveness of its business continuity and disaster recovery plans.
All data is protected by encryption in transit over open, public networks. Data at rest is protected by encryption or compensating security controls, which include segmented networks, tiered architecture, firewalls with intrusion protection and anti-malware protections, and limiting of port access.
Plannuh will not store Personal Data on any portable computer devices unless it is encrypted in accordance with then current industry best practice.
Plannuh takes appropriate steps to monitor the security of Personal Data.