4. Security of human resources 4.1. Sinch ensures that Sinch personnel treat the information in accordance with the level of confidentiality required by the SA. 4.2. Sinch shall ensure that the personnel responsible for Sinch are informed of the permitted use (including restrictions on use) of the information, facilities and systems within the framework of the SA. 4.3. Sinch shall ensure that all Sinch employees who execute orders under the SA are trustworthy, meet specified security criteria and have been and will continue to be subject to appropriate screening and background checks during the deployment period. 4.4. Sinch shall ensure that sinch personnel with security responsibilities are properly trained to perform safety-related tasks. 4.5. Sinch will train or provide sinch-responsible personnel in periodic security awareness. This Sinch training includes, but is not limited to: a.
How to manage the security of customer information (for example, protecting the confidentiality, integrity and availability of information); b. Why information security is necessary to protect client information and systems; c. The most common types of security threats (such as identity theft, malware, hacking, information leaks, and insider threats); d. the importance of compliance with information security guidelines and the application of related standards/procedures; e. Personal responsibility for information security (e.g. B, protection of customer data protection information and reporting of actual and suspected data protection breaches). The Processor undertakes to provide the data processing services described in the DTA, undertakes in particular to carry out all processing operations or operations with or without the help of electronic means in connection with the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, the communication, dissemination, erasure and destruction of data, even if they are not, are recorded in a database; perform the Services in accordance with confidentiality requirements and only for the intended purposes as described in the DTA. Both the controller and the processor acknowledge that the technical and organisational measures set out in Annex 1 to the DSA are currently sufficient to comply with the measures set out in Articles 31 et seq. . . .