Laserfiche WebLink
Motorola periodically evaluates its processes and systems to ensure continued compliance with <br />obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, <br />availability, and security of Customer Data, including personal information. Motorola documents <br />the results of these evaluations and any remediation activities taken in response to such <br />evaluations. Motorola periodically has third party assessments performed against applicable <br />industry standards, such as ISO 27001, 27017, 27018 and 27701. <br />Measures for user identification and authorization <br />Identification and Authentication. Motorola uses industry standard practices to identify and <br />authenticate users who attempt to access Motorola information systems. Where authentication <br />mechanisms are based on passwords, Motorola requires that the passwords are at least eight <br />characters long and are changed regularly. Motorola uses industry standard password protection <br />practices, including practices designed to maintain the confidentiality and integrity of passwords <br />when they are assigned and distributed, and during storage. <br />Access Policy and Administration.. Motorola maintains a record of security privileges of individuals <br />having access to Customer Data. including personal information. Motorola maintains appropriate <br />processes for requesting, approving and administering accounts and access privileges in <br />connection with the Processing of Customer Data. Only authorized personnel may grant, alter or <br />cancel authorized access to data and resources. Where an individual has access to systems <br />containing Customer Data, the individuals are assigned separate, unique identifiers. Motorola <br />deactivates authentication credentials on a periodic basis. <br />Measures for the protection of data during transmission <br />Data is generally encrypted during transmission within the Motorola managed environments. <br />Encryption in transit is also generally required of any sub -processors. Further, protection of data in <br />transit is also achieved through the access controls, physical and environmental security, and <br />personnel security described throughout this Annex II. <br />Measures for the protection of data during storage <br />Data is generally encrypted during storage within the Motorola managed environments. Encryption <br />in storage is also generally required of any sub -processors. Further, protection of data in storage is <br />also achieved through the access controls, physical and environmental security, and personnel <br />security described throughout this Annex II. <br />Measures for ensuring physical security of locations at which personal data are processed <br />Motorola maintains appropriate physical and environment security controls to prevent unauthorized <br />access to Customer Data, including personal information. This includes appropriate physical entry <br />controls to Motorola facilities such as card -controlled entry points, and a staffed reception desk to <br />protect against unauthorized entry. Access to controlled areas within a facility will be limited by job <br />role and subject to authorized approval. Use of an access badge to enter a controlled area will be <br />logged and such logs will be retained in accordance with Motorola policy. Motorola revokes <br />personnel access to Motorola facilities and controlled areas upon separation of employment in <br />accordance with Motorola policies. Motorola policies impose industry standard workstation, device <br />and media controls designed to further protect Customer Data, including personal information. <br />Data Processing Addendum V.2022.12 <br />