Laserfiche WebLink
Motorola periodically evaluates its processes and systems to ensure continued compliance with <br /> obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, <br /> availability, and security of Customer Data, including personal information. Motorola documents <br /> the results of these evaluations and any remediation activities taken in response to such <br /> evaluations. Motorola periodically has third party assessments performed against applicable <br /> industry standards, such as ISO 27001, 27017, 27018 and 27701. <br /> Measures for user identification and authorization <br /> Identification and Authentication. Motorola uses industry standard practices to identify and <br /> authenticate users who attempt to access Motorola information systems. Where authentication <br /> mechanisms are based on passwords, Motorola requires that the passwords are at least eight <br /> characters long and are changed regularly. Motorola uses industry standard password protection <br /> practices, including practices designed to maintain the confidentiality and integrity of passwords <br /> when they are assigned and distributed, and during storage. <br /> Access Polio and Administration.. Motorola maintains a record of security privileges of individuals <br /> having access to Customer Data. including personal information. Motorola maintains appropriate <br /> processes for requesting, approving and administering accounts and access privileges in <br /> connection with the Processing of Customer Data. Only authorized personnel may grant, alter or <br /> cancel authorized access to data and resources. Where an individual has access to systems <br /> containing Customer Data, the individuals are assigned separate, unique identifiers. Motorola <br /> deactivates authentication credentials on a periodic basis. <br /> Measures for the protection of data during transmission <br /> Data is generally encrypted during transmission within the Motorola managed environments. <br /> Encryption in transit is also generally required of any sub processors. Further, protection of data in <br /> transit Is also achieved through the access controls, physical and environmental security, and <br /> personnel security described throughout this Annex 11. <br /> Measures for the protection of data during storage <br /> Data is generally encrypted during storage within the Motorola managed environments. Encryption <br /> in storage is also generally required of any sub-processors. Further, protection of data in storage is <br /> also achieved through the access controls, physical and environmental security, and personnel <br /> security described throughout this Annex II. <br /> Measures for ensuring physical security of locations at which personal data are processed <br /> Motorola maintains appropriate physical and environment security controls to prevent unauthorized <br /> access to Customer Data, including personal information. This includes appropriate physical entry <br /> controls to Motorola facilities such as card-controlled entry points, and a staffed reception desk to <br /> protect against unauthorized entry. Access to controlled areas within a facility will be limited by job <br /> role and subject to authorized approval. Use of an access badge to enter a controlled area will be <br /> logged and such logs will be retained in accordance with Motorola policy. Motorola revokes <br /> personnel access to Motorola facilities and controlled areas upon separation of employment in <br /> accordance with Motorola policies. Motorola policies impose industry standard workstation, device <br /> and media controls designed to further protect Customer Data, including personal information. <br /> Data Processing Addendum V.2022.12 6 <br />