Technical and Organizational Manual

TD-506 Last Updated: August 8, 2018

Overview

This MIM Software Technical and Organizational Measures (TOM) document provides a high-level overview of the technical and organizational measures implemented by MIM Software® Inc. (“MIM Software”) to protect personal data and ensure the ongoing confidentiality, integrity, and availability of MIM Services.

MIM Software may revise these measures from time to time in the interest of improving operational security. You may obtain the latest version of this document from the MIM Software website.

Terms and Definitions

Within this document, the following definitions apply:

1. Organization of Information Security

Objective

To describe MIM Software’s information security structure.

Measures

2. Information Security Management System

Objective

To demonstrate MIM Software’s ongoing commitment to improving information security.

Measures

3. Physical Access

Objective

To protect physical assets that contain Customer Data.

Measures - CORE

Measures - MIMcloud

Measures - MIMweb

4. System Access

Objective

To ensure system-level access to systems containing Customer Data is only possible for approved, authenticated users.

Measures

Measures - CORE

Measures - MIMcloud

Measures - MIMweb

5. Data Access/Data Deletion

Objective

To ensure persons authenticated to data processing systems are only allowed to access Customer Data they are authorized to access.

Measures

Measures - CORE

Measures - MIMcloud

Measures - MIMweb

6. Data Transmission/Storage

Objective

To ensure Customer Data is not accessed by unauthorized parties while in transit or after it is stored.

Measures

Measures - CORE

Measures - MIMcloud

Measures - MIMweb

7. Confidentiality and Integrity

Objective

To ensure Customer Data remains confidential, complete, and current during processing.

Measures

Measures - MIMcloud

8. Availability

Objective

To ensure Customer Data is protected from accidental destruction or loss; to provide timely recovery of Customer Data availability in the event of a Service Incident or Personal Data Breach.

Measures - CORE

Measures - MIMcloud

Measures - MIMweb

9. Job Control

Objective

To ensure Customer Data is processed on a Customer’s behalf in accordance with all relevant agreements, including the use of subprocessors.

Measures

Measures - CORE

Measures - MIMcloud

Measures - MIMweb

10. Data Separation

Objective

To ensure all Customer Data is processed separately.

Measures - CORE

Measures - MIMcloud

Measures - MIMweb

11. Service Incident and Personal Data Breach Management

Objective

To take appropriate actions in the event of a Service Incident or Personal Data Breach that affects Customer Data.

Measures

Measures - MIMcloud

Measures - MIMweb

12. Compliance

Objective

To ensure the technical and organizational measures listed above are regularly reviewed for continued efficacy.

Measures