This technical and organizational measures (“TOMs”) provided below applies to the
offering of Smart
Forestry services provided by Komatsu Forest AB, a legal entity incorporated under Swedish law
with
reg no 556079-5949 (“Komatsu Forest”).
The TOM document establishes and describes the appropri-ate technical and organizational
measures implemented Komatsu Forest to ensure an appropriate level of protection and security
when
handling personal data. In assessing the appropriate level of protec-tion, consideration has
been
given to the risks associated with pro-cessing – in particular, through destruction, loss or
alteration, whether accidental or unlawful, or unauthorized disclosure of, or unauthorized
access
to, personal data that has been transmitted, stored or processed in some other way.
Technical measures
preventing the unauthorized reading, copying, modification or removal of data media (‘data media
control’)
preventing the unauthorized input of personal data and the unauthorized inspection, modification
or deletion of stored personal data (‘storage control’)
preventing the use of automated processing systems by unauthorized persons using data
communication equipment (‘user control’)
ensuring that it is subsequently possible to verify and estab-lish which personal data have been
input into automated processing systems and when and by whom the personal data were input
(‘in-put control’),
preventing the unauthorized reading, copying, modification or deletion of personal data during
transfers of personal data or during transportation of data media (‘transport control’),
ensuring that installed systems may, in the case of interrup-tion, be restored (‘recovery’),
ensuring that the functions of the system perform, that the appearance of faults in the
functions is reported (‘reliability’) and that stored personal data cannot be corrupted by means
of a mal-functioning of the system (‘integrity’).
Organizational measures
ensuring that persons authorized to use an automated pro-cessing system have access only to the
personal data covered by their access authorization (‘data access control’)
ensuring that it is possible to verify and establish the bodies to which personal data have been
or may be transmitted or made available using data communication equipment (‘communication
control’),
Physical measures
denying unauthorized persons access to processing equip-ment used for processing (‘equipment
access control’).