Information security supplier rules


TABLE OF CONTENTS
1 SCOPE
2 DEFINITIONS AND ACRONYMS
3 RESPONSIBILITIES
4 GENERAL RULES
  4.1 PURPOSE OF INFORMATION PROCESSING
  4.2 CONFIDENTIALITY AGREEMENT
  4.3 EMPLOYEES MANAGEMENT
  4.4 SUB/SUPPLIER MANAGEMENT
  4.5 AUDIT
  4.6 EXCHANGE OF AIR DOLOMITI S.P.A. INFORMATION
  4.7 INCIDENT MANAGEMENT
  4.8 CONTRACT ENDING
5 ACCESS TO AIR DOLOMITI S.P.A. SYSTEMS
  5.1 I&A TO AIR DOLOMITI S.P.A. IT SYSTEMS
  5.2 ICT DEVICES FOR ACCESSING AIR DOLOMITI S.P.A. INFORMATION
6 COMMUNICATION WITH AIR DOLOMITI S.P.A.
7 DATA PROTECTION

1 SCOPE

This procedure lists rules for all suppliers that access or use Air Dolomiti S.p.A. information. For ICT suppliers, a special document is available.

2 DEFINITIONS AND ACRONYMS

Air Dolomiti S.p.A. information is all confidential. It includes any information, in tangible or intangible form, that is proprietary or confidential to Air Dolomiti S.p.A. and is disclosed to the supplier, including, without limitation, trade secrets, know-how, computer programs and software, specifications, design plans, drawings, data, prototypes, customer information, passenger information or other business and technical information, without regard to whether it is disclosed in oral, written, electronic, visual or other form.

3 RESPONSIBILITIES

- ICT: manages this document.
- Controlling & Internal Auditing: controls its enforcement.
- Managers: require suppliers to enforce the rules in this document.
- Suppliers: enforce the rules in this document, according to the scope of their work.

4 GENERAL RULES

4.1 Purpose of information processing

Information processing by the supplier must be limited to the scope of work. No other purpose is allowed.

4.2 Confidentiality agreement

All Air Dolomiti S.p.A. information is confidential and owned by Air Dolomiti S.p.A. Air Dolomiti S.p.A. information cannot be communicated to anyone unless authorized by Air Dolomiti S.p.A. Care must be given to the identification of the receiver (e.g. telephone calls by someone declaring to be an Air Dolomiti S.p.A. representative, market researchers, journalists, customers). As a general rule, the supplier ensures that all risks (either accidental or deliberate) regarding non-authorized access, dissemination, integrity and availability of Air Dolomiti S.p.A. information are properly addressed.

4.3 Employees management

Employees include permanent staff, temporary staff, contractors, interns, etc. The supplier ensures that it has a confidentiality agreement with all employees and sets rules for ensuring the confidentiality of information, including Air Dolomiti S.p.A. information.

4.4 Sub/Supplier management

The supplier can use sub-suppliers. The supplier maintains a list of sub-suppliers with their processing scopes. The supplier ensures to Air Dolomiti S.p.A. the right to access this list, if needed for legal compliance purposes. The supplier ensures that it has, in contractual agreements, the same information security provisions with all its sub-suppliers that access Air Dolomiti S.p.A. information.

4.5 Audit

The supplier ensures that it programmes, plans and performs audits in order to verify the effectiveness of implemented technical and organizational information security controls. The supplier ensures to Air Dolomiti S.p.A. the right of audit, given an announcement at least 3 weeks in advance. The Air Dolomiti S.p.A. representative will not ask to access other customers' information.

4.6 Exchange of Air Dolomiti S.p.A. information

For exchanging Air Dolomiti S.p.A. digital documentation, only Air Dolomiti S.p.A. file sharing systems or password-protected files can be used; no public ones are allowed. When Air Dolomiti S.p.A. documents (digital or hard copies) are read, the user must verify that no unauthorized people can read them. When Air Dolomiti S.p.A. information is exchanged in conversation, persons must verify that no unauthorized people can hear it.

4.7 Incident management

The supplier ensures to Air Dolomiti S.p.A. that it will communicate any information security event or vulnerability (digital or not digital) to Air Dolomiti S.p.A. as soon as possible. The supplier ensures all assistance when requested by Air Dolomiti S.p.A. in case of information security incidents or vulnerabilities.

4.8 Contract ending

The supplier ensures the deletion or destruction of all Air Dolomiti S.p.A. information when closing the contract. The supplier ensures, at the end of the contract, the handover to Air Dolomiti S.p.A. designated people or organizations.

5 ACCESS TO AIR DOLOMITI S.P.A. SYSTEMS

This clause applies if the supplier can access Air Dolomiti S.p.A. IT systems.

5.1 I&A to Air Dolomiti S.p.A. IT systems

Air Dolomiti S.p.A. userid and password are intended for internal use only in your organization and:
- cannot be shared with any other organizations;
- must be preserved so that no one can discover them;
- the password must be modified if there is any suspicion that someone else knows it.

Passwords are set with defined criteria:
- length at least 8 characters;
- complexity (at least one lowercase letter, one capital letter, one number, one symbol);
- change no later than every 90 days.

5.2 ICT devices for accessing Air Dolomiti S.p.A. information

For accessing Air Dolomiti S.p.A. documentation, only personal or company devices can be used (e.g. it is forbidden to use Internet points). IT devices such as PCs, smartphones and removable media must be secured:
- access controlled with user id and password as mentioned before;
- updated antimalware;
- software patched and updated according to the latest vendor recommendations;
- secure deletion of Air Dolomiti S.p.A. data when no longer needed.

If mobile devices are used, all Air Dolomiti S.p.A. data is securely deleted as soon as possible and the device is never exchanged with non-authorized people if Air Dolomiti S.p.A. data is still available on it.

6 COMMUNICATION WITH AIR DOLOMITI S.P.A.

Communication with Air Dolomiti S.p.A. is authorized only through agreed channels. Ticketing tools, where users are personally identified, are the preferred choice. A list of people authorized by Air Dolomiti S.p.A. and the supplier is exchanged and updated when necessary.

7 DATA PROTECTION

The Parties will comply at all times with the requirements of the data protection laws and regulations. The supplier company acknowledges that under the terms of this agreement:
- it will act as data processor (appointed by Air Dolomiti S.p.A., who is the data controller);
- it will have access to personal data in respect of which Air Dolomiti S.p.A. is data controller.
The supplier company undertakes that it will only process personal data as necessary in relation to the provision of the services as set out in the agreement and in particular will:
- not transfer the personal data to any third party if not authorized;
- keep the personal data confidential;
- perform its obligations in accordance with the applicable data protection laws and regulations;
- comply with Air Dolomiti S.p.A. systems or procedures which Air Dolomiti S.p.A. may introduce from time to time in respect of the processing of the personal data, including the data protection policies.

The supplier company will act in accordance with all reasonable instructions from Air Dolomiti S.p.A. in respect of the processing of personal data.

The supplier company ensures that it has in place appropriate technical and organisational security measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. The supplier company will provide Air Dolomiti S.p.A. with such information as is reasonably necessary to assure Air Dolomiti S.p.A. about the supplier company's capability to comply with this privacy clause. The supplier company agrees not to process personal data outside of the European Economic Area without the prior written consent of Air Dolomiti S.p.A. The Parties agree that all personal data is the property of Air Dolomiti S.p.A.

The supplier company agrees to notify Air Dolomiti S.p.A. immediately:
- if it cannot comply with its obligations under this clause;
- about any accidental or unauthorised access;
- about any legally binding request for disclosure of the personal data by a law enforcement agency unless otherwise prohibited under criminal law; and
- about any request received directly from the data subjects, without responding to the request unless it has been authorised to do so.

On termination of provision of the services, the supplier company shall, at the choice of Air Dolomiti S.p.A., either return all personal data transferred and copies thereof, or securely destroy all personal data and certify that it has done so.