This information security document describes the data protection and security measures that PA2GO implements, supports and maintains in order to protect customer Protected Data and train personnel on information security and compliance.
(a) implements and maintains industry standard physical, administrative and technological measures to protect 1) customer’s Personal Data that PA2GO processes in connection with the Services from security incidents and 2) PA2GO’s computing systems from unauthorised use and access;
(b) continually reviews and revises its measures to address new or ongoing risks to comply with industry standards, legal requirements and best practices;
(c) cooperates with Customers to 1) mitigate risk and reduce the impact of any unauthorised access to PA2GO’s computer systems or 2) unauthorised use of Protected Data; and
(d) requires its personnel to receive training on information security requirements.
2. General Requirements
(a) Security Program: PA2GO’s security program is based on internal policies regarding information security, data handling and security practices which are made up of applicable laws, industry best practices and regulations.
(b) Security Review:
(1) PA2GO reviews and assesses the security of its premises, computing environment, software and information handling processes regularly.
(2) PA2GO reviews its security program to ensure that it operates effectively and is compliant with applicable laws and regulations as well as any new risks being addressed.
(3) PA2GO ensures that any third parties providing a Service to or via PA2GO comply with appropriate measures and applicable laws to safeguard Protected Data.
PA2GO regularly requires its employees to undertake information security training and awareness and may impose disciplinary measures for employees who violate any of PA2GO’s information security policies.
PA2GO requires employees to use secure passwords for accessing systems which may contain Protected Data. Passwords must be updated regularly, and employees may not reuse previously used passwords.
4. Data Protection
(a) PA2GO implements industry standard security measures to prevent unauthorised access to its premises and electronic systems that process Customers’ Protected Data in the performance of the Services.
(i) PA2GO complies with applicable laws and regulations concerning confidentiality, security and processing of any Protected Data that it receives from Customer, including the General Data Protection Regulation 2016/679 (GDPR), the EU Standard Contractual Clauses and the California Consumer Privacy Act of 2018 (CCPA), where applicable.
(b) Storage, Backup and Deletion
(ii) PA2GO regularly backs up systems used to provide Services to Customers to ensure data is available. Backups are appropriately protected to ensure only authorised individuals are able to access the Protected Data including hard copy records.
5. Customer Access and Review
Upon reasonable prior written notice by Customer, subject to PA2GO’s confidentiality and security conditions and a mutually agreed NDA applicable to an audit and pursuant to the agreement between PA2GO and Customer that governs rights to access or related audit clauses, PA2GO shall make its security policies and procedures available where such information is related to Customer’s Protected Data, for Customer’s review.