Partner Security Measures
Protection of Personal Data
You shall implement administrative, physical and technical safeguards to protect personal data that are no less rigorous than accepted industry practices including ISO 27001, COBIT, NIST 800 Series or other relevant industry standards for information security.
Compliance with legal and regulatory requirements and relevant standards
You must ensure that all such safeguards, including the methods by which personal data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable legal and regulatory requirements and relevant standards such as PCI-DSS (where applicable).
Minimum security safeguards
You must, at a minimum, implement the following safeguards: (i) limit access to personal data to authorised employees/persons; (ii) secure business facilities, data centres, paper files, servers, backups and computing equipment, including but not limited to desktops, laptops, mobile devices and other equipment with storage capability; (iii) implement network, infrastructure, database and application security; (iv) secure information in transmission, storage and disposal; (v) encrypt transmission of personal information over public or wireless networks; (vi) encrypt storage of personal information on relevant media; (vii) implement authentication and access controls.
Personnel Security
You must implement appropriate personnel security and integrity procedures and practices, including but not limited to conducting background checks consistent with applicable law, providing appropriate privacy and information security training to employees, and maintaining a disciplinary process to address any misconduct.