Arrow button to navigate back

Technical and Organizational Measures

  1. Scope and Applicability
    1. This technical and organizational measures (“TOMs”) provided below applies to the offering of Smart Forestry services provided by Komatsu Forest AB, a legal entity incorporated under Swedish law with reg no 556079-5949 (“Komatsu Forest”).
    2. The TOM document establishes and describes the appropri-ate technical and organizational measures implemented Komatsu Forest to ensure an appropriate level of protection and security when handling personal data. In assessing the appropriate level of protec-tion, consideration has been given to the risks associated with pro-cessing – in particular, through destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of, or unauthorized access to, personal data that has been transmitted, stored or processed in some other way.
  2. Technical measures
    1. preventing the unauthorized reading, copying, modification or removal of data media (‘data media control’)
    2. preventing the unauthorized input of personal data and the unauthorized inspection, modification or deletion of stored personal data (‘storage control’)
    3. preventing the use of automated processing systems by unauthorized persons using data communication equipment (‘user control’)
    4. ensuring that it is subsequently possible to verify and estab-lish which personal data have been input into automated processing systems and when and by whom the personal data were input (‘in-put control’),
    5. preventing the unauthorized reading, copying, modification or deletion of personal data during transfers of personal data or during transportation of data media (‘transport control’),
    6. ensuring that installed systems may, in the case of interrup-tion, be restored (‘recovery’),
    7. ensuring that the functions of the system perform, that the appearance of faults in the functions is reported (‘reliability’) and that stored personal data cannot be corrupted by means of a mal-functioning of the system (‘integrity’).
  3. Organizational measures
    1. ensuring that persons authorized to use an automated pro-cessing system have access only to the personal data covered by their access authorization (‘data access control’)
    2. ensuring that it is possible to verify and establish the bodies to which personal data have been or may be transmitted or made available using data communication equipment (‘communication control’),
  4. Physical measures
    1. denying unauthorized persons access to processing equip-ment used for processing (‘equipment access control’).