Contractual standards for Data Processing on Behalf, last revised December 8, 2014 o Security guards .............................................................................................. ☐ ☐ • Areas divided into different security zones ........................................................ ☐ ☐ d) Please use the following field (free text) for details of additional or other measures you have implemented or if you would like to provide more specific information on the above items: (Please use additional sheet if necessary.) e) If physical access control is not relevant to the services subject to this Agreement, please briefly state the reasons below: (Please use additional sheet if necessary.) 2. Access control (systems) Definition: Systems access control means the action taken to prevent unauthorized persons from using data processing systems. a) Who holds overall responsibility for implementing and ensuring compliance with systems access control? Controller Processor b) What action is taken to implement systems access control (user identification and authentication) and who carries out this action? (Please select appropriate answers and mark with a cross, as applicable) Co Pr • Authorization concept designed and implemented o Authorization concept for terminal devices (computers) ................................ ☐ ☐ o Authorization concept for systems ................................................................ ☐ ☐ • User identified and authorization verified ..................................................................... ☐ ☐ • User identity management system implemented .......................................................... ☐ ☐ • Access attempts monitored, including response to security issues .............................. ☐ ☐ Page 9 of 20