Need security related information on the Plugin #28
Description
Hello Team,
I am an Azure DevOps engineer from Husqvarna Group.
We would like to install the plugin provided to our ADO organization.
For this purpose, we would need some security related information:
Is any personal data/personally identifiable information (PII) either transmitted, processed and/or stored by the provided service?
☐ Yes ☐ No
· If the answer is Yes – please proceed with complementary questions below:
· a) When providing your services, which are the categories of personal data and categories of data subjects that you would normally process on behalf of the controller, and what are typically the purposes of the processing? Elaborate as a comment.
· b) Are you fully GDPR compliant? Please also provide comments/details to your answer in the column to the right.
☐ Yes ☐ No
· c) Can you sign a Data Processing Agreement (DPA)?
☐ Yes ☐ No
· d) Have you appointed a Data Protection Officer (DPO)?
☐ Yes ☐ No
· e) Elaborate as a comment how personal IP addresses are handled. If suppressed before storage; where does it take place and is there a possibility that the IP address gets registered in any component before it is being suppressed, e.g. load balancer logs.
· Can personal data be accessed from or is otherwise transferred (by you or your sub-processors) to countries outside the European Economic Area that are not considered by the EU Commission to provide an adequate level of protection (“third country”)?
☐ Yes ☐ No
· If the answer is Yes – please proceed with complementary questions below (providing answers in the Comment field):
· a) Specify what data and for what purpose(s);
· b) Specify which countries and any sub-processors used;
· c) Confirm whether a transfer impact assessment (“TIA”) has been done and the outcome of such TIA;
· d) Confirm which transfer mechanism is used;
· e) Account for any supplementary measures taken;
· f) Confirm if (i) you, in case you are established in a third country, or (ii) the relevant sub-processor(s), have access to data in the clear;
· g) Where encryption is applied, account for how the encryption keys are handled;
· h) Confirm if onward transfers from the sub-processors occur and if so, to which jurisdictions;
· i) For agreements with sub-processors based in a third country and which include the European Commission Standard Contractual Clauses (SCCs), please confirm if your agreements have been updated to include the new 2021 SCCs.
Could you please share the above information asap?