General Data Protection Regulation

1. Technical & Organization Measures

This notice contains a list of the technical and operational measures which are applicable as a standard. The actual measures taken depend on the Service and the location of processing concerned, because not all measures are relevant for all Services and locations. Sophos Ventures Inc. guarantees that, for all Services and locations, it has in place the necessary adequate technical and operational measures included in the list below, following a Data Protection Impact Assessment. The measures are designed to:

The page also contains a list of subcontractors used by Sophos Ventures to deliver its services. Sophos Ventures ensures that all its subprocessors have provided adequate guarantees on the protection of personal data they process on our behalf.

Sophos Ventures commits to continuously monitoring the effectiveness of its information safeguards and to a yearly internal compliance audit to provide assurance on the measures and controls in place.

2. Technical And Organisational Measures

A. People, awareness and HR:

B. Remote end user devices are protected:

The remote users abide by the following security measures:

C. Remote Access Security

Password authentication is used in general for remote access to the critical Sophos Ventures target systems.

D. Generic security measures are:

E. Access control to Personal Data

Employees with access to private data can only access the data that are necessary for the purpose of the activities under their responsibility. Access authorisation is provided based on the ‘need to know’ and ‘need to access’ and is either role-based or name-based. Access logs are in place and the responsibility for access control is assigned.

The following measures are in place:

F. Security and confidentiality of personal data

Based on a risk assessment (and, if required, an additional DPA), Sophos Ventures will ensure a level of security appropriate to the risk, including inter alia as appropriate:

G. Organization control

The Data Processor shall maintain its internal organization in a manner that meets the requirements of the applicable legislation and the Data Controller's requirements on data security. This shall be accomplished by:

3. Used Sub-Contractors

Sophos Ventures uses the following sub-contractors to provide its services: