Kaspersky Security Center Cloud Console Data Processing Agreement

 

Kaspersky Security Center Cloud Console

 
 
 

Kaspersky Security Center Cloud Console Data Processing Agreement

Back to article list
Latest update: June 30, 2020 ID: 15448
 
 
 
 

KASPERSKY SECURITY CENTER CLOUD CONSOLE DATA PROCESSING AGREEMENT

This data processing agreement ("DPA") forms an integral part of the Kaspersky Security Center Cloud Console Agreement ("Agreement") on provision of the Kaspersky Security Center Cloud Console ("Product") between Kaspersky Lab and User. The attached annex(es) and appendices supplement the terms of this DPA. If the parties previously entered into a data processing agreement for Product, this DPA shall now supersede the foregoing.

All terms used in this DPA have the same meaning as in the Agreement. Terms used here with reference to the EU General Data Protection Regulation (2016/679), such as "personal data breach," "processing," "controller," "processor," and "data subject," will have the same meaning as set forth in Article 4 of the GDPR.

This DPA specifies the terms and conditions for activities of commissioned processing of User Data, especially in relation to the processing of personal data ("Personal Data") included in User Data, in connection with the Agreement.

1. Scope and Roles

1.1. This DPA applies to the processing of User Data by Kaspersky Lab on behalf of User.

1.2. User and Kaspersky Lab agree that User is the controller ("Controller") of User Data and Kaspersky Lab is the processor ("Processor") of such data.

1.3. This DPA does not limit or reduce any data protection commitments Kaspersky Lab makes to User in the Agreement or other agreement between User and Kaspersky Lab and/or its Partners.

1.4. User Data will be used only for the purpose of providing User with the Product, including purposes necessary to and consistent with providing the Product, as specified in the Annex 1 of this DPA. User retains all right, title, and interest in and to User Data. Kaspersky Lab does not acquire any rights in User Data other than the rights necessary to provide the Product to the User.

1.5. DPA will remain in full force and effect until all of the User Data is deleted or extracted from Kaspersky Lab's systems in accordance with the Agreement and Annex 1 of this DPA.

1.6. This DPA does not apply where Kaspersky Lab is a controller processed data.

1.7. Before using the Product, the User must specify the location of its organization. The specified location of the organization will determine where the User Data will be processed according to the Online Help by Kaspersky Lab or its affiliates or sub-contractors. In accordance with this instruction, User appoints Kaspersky Lab to perform transfer of User Data to the chosen location and to store and process User Data in order to provide the Product. Kaspersky Lab does not control or limit the regions from which User or User's end users may access or move User Data.

1.8. When providing technical support service to User, Kaspersky Lab will have access to the User Data from Russia.

1.9. Annex 2 to this DPA is the Standard Contractual Clauses (processors), which are based on the Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of Personal Data to processors established in third countries, under Directive 95/46/EC). Standard Contractual Clauses apply to the transfer and processing of Personal Data outside of the EEA to a third country, which does not otherwise provide adequate protection for personal data, in the course of providing the Product. Standard Contractual Clauses shall prevail over any conflicting section of the DPA and/or the Agreement.

2. Kaspersky Lab Obligations

2.1. Kaspersky Lab shall not engage another processor without prior specific or general written authorization of User. In the case of general written authorization, Kaspersky Lab shall inform User of any intended changes concerning the addition or replacement of other processors, thereby giving User the opportunity to object to such changes.

2.2. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of User Data, the categories of data subjects and the obligations and rights of the User are set forth in the Agreement, including this DPA. In particular, Kaspersky Lab shall:

  • process User Data, including with regard to transfers of User Data to a third country or an international organization, only in accordance with User's instructions within the scope of and for purposes of Product as described in the Agreement and this DPA. The Agreement including this DPA, along with User's use and configuration of features in the Product, are User's complete instructions to Kaspersky Lab for the processing of User Data;
  • ensure that persons authorized to process the User Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • take all measures required pursuant to Article 32 of the GDPR;
  • respect the conditions for engaging another processor;
  • taking into account the nature of the processing, assist User by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the User's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
  • assist User in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to Kaspersky Lab;
  • at the choice of User, delete or return all the User Data to User after the end of the provision of Product, and delete existing copies;
  • make available to User all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by User or another auditor mandated by User.

2.3. Kaspersky Lab shall notify User without undue delay after becoming aware of a personal data breach in a form required by the law. Notification(s) will be delivered to one or more of User’s administrators by any means Kaspersky Lab selects, including via email. It is User’s sole responsibility to ensure User’s administrators maintain accurate contact information. Obligation to report or respond about a personal data breach is not an acknowledgement by Kaspersky Lab of any fault or liability with respect to that a personal data breach.

2.4. Kaspersky Lab shall implement and maintain appropriate technical and organizational measures intended to protect User Data as described in Annex 1 Subsection 2 of this DPA against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction. The technical and organizational measures are subject to technical progress and development. Kaspersky Lab may implement adequate alternative measures that provide at least the same level of security as the specified measures.

2.5. User and Kaspersky Lab shall take steps to ensure that any person acting under the authority of User or Kaspersky Lab who has access to User Data does not process them except on instructions from User.

3. User Obligations

3.1. User shall be responsible for compliance with applicable data protection regulations and laws including but not limited to all transfer of User Data to Kaspersky Lab.

3.2. User may notify Kaspersky Lab in written form and within ninety (90) days after expiration or termination of the User license extract User Data by reasonable measures or delete the stored User Data. User shall notify Kaspersky Lab without undue delay, if User is unable to retrieve User Data within this time period. After the time period has elapsed without notification by User, Kaspersky Lab shall delete all stored User Data, unless Kaspersky Lab is legally prohibited to do so.

4. User Audit

4.1. User shall be allowed to audit Kaspersky Lab's compliance with Kaspersky Lab's obligations under this DPA as required by applicable data protection laws. For this purpose, Kaspersky Lab shall reasonably support User and upon written request by User provide the necessary information.

4.2. After notifying Kaspersky Lab at least five weeks in advance, User may also conduct the audit by an on-site inspection of Kaspersky Lab's data processing facilities and activities during regular business hours and without serious interruption of Kaspersky Lab's daily operations. To conduct the audit on its behalf, User may also select a sufficiently qualified independent third party auditor, who has been obligated to confidentiality and shall not be a competitor of Kaspersky Lab.

4.3. User shall document the audit process and provide Kaspersky Lab with a report on all determined breaches of Kaspersky Lab's obligations under this DPA, if applicable. User and Kaspersky Lab will agree on reasonable measures to ensure future compliance.

4.4. User shall bear all costs for conducting audits and will reimburse Kaspersky Lab for any personal resources expended to support the audit at Kaspersky Lab's then current professional services rates.

5. Sub-processing

5.1. User authorizes Kaspersky Lab to engage sub-processors for the processing of User Data in accordance with this DPA. A list of current sub-processors is available under the following URL <a href="https://click.kaspersky.com/?hl=en&link=online_help&pid=KSC&version=1.0.0&helpid=138094">https://click.kaspersky.com/?hl=en&link=online_help&pid=KSC&version=1.0.0&helpid=138094</a>. At least fourteen (14) days before authorizing any new sub-processor to access User Data, Kaspersky Lab will provide the notice to User about it.

5.2. Kaspersky Lab will ensure that sub-processors are bound by written agreements that require them to provide at least the level of data protection required of Kaspersky Lab by this DPA.

6. Severability

6.1. The term of this DPA follows the term of the Agreement. Where inpidual provisions of this DPA are invalid or unenforceable, the validity and enforceability of the other provisions of this DPA shall not be affected.

ANNEX 1. ADDITIONAL TERMS OF DATA PROCESSING AND SECURITY

1. Additional Terms of Data Processing

1.1. Duration of data processing. The duration of data processing shall be for the duration of License Term. After expiration or termination of User license, Kaspersky Lab will delete or return User Data in accordance with the terms and timelines set forth in the Agreement.

1.2. Reason for data processing. The reason for data processing is to provide the Product to User, to provide technical support to the User, to fulfill other obligation under the Agreement.

1.3. Category of data subjects. The categories of data subjects are User’s representatives and end users, such as employees, contractors, collaborators, and customers.

1.4. Scope and purposes of processing personal data. Kaspersky Security Center Cloud Console enables the user to identify and control devices (and the device owners) connected to Kaspersky Security Center Cloud Console, by means of the features of managed applications.

Data provision methods

• The User enters data in the Kaspersky Security Center Cloud Console interface.

• Network Agent receives data from the device and transfers it to Administration Server.

• Network Agent receives data collected by the Kaspersky managed Software and transfers it to Administration Server. The list of data processed by Kaspersky managed Software is provided in the Help of the corresponding Software.

For such purposes, Processor may receive, store, and process the following types of data:

Kaspersky Security Center Cloud Console and Network Agent data

1. Details of devices detected in the organization’s network.

Network Agent receives the data listed below from the networked devices and transfers it to Administration Server:

a. Technical specifications of the detected device and its components required for device identification and received by means of network polling:

• Active Directory polling:

Distinguished name of the device; Windows domain name received from the domain controller; device name in Windows environment; DNS domain and DNS name of the device; Security Account Manager (SAM) account (logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager); distinguished name of the domain; distinguished names of the groups to which the device belongs; distinguished name of the user who manages the device; device GUID and Parent GUID

When the Active Directory network is polled, the following types of data are also processed for the purpose of displaying information about the managed infrastructure and use of this information by the User, for example, during protection deployment:

• Active Directory organizational units (OUs): distinguished name of the OU; distinguished name of the domain; GUID и Parent GUID of the OU.

• Active Directory domains: name of the Windows domain received from the domain controller; DNS domain; domain GUID.

• Display name of the user; distinguished name of the user; distinguished name of the domain; user’s organization name; name of the department where the user is employed; distinguished name of the user acting as the user’s manager; full name of the user; Security Account Manager (SAM) account; email address; additional email address; main phone number; alternate phone number; mobile phone number; user's position; distinguished names of the groups to which the user belongs; user GUID; user security identifier (SID) (unique binary value used to identify the user as a security principal); user login (User Principal Name (UPN)—Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, the UPN maps to the user email name).

• Active Directory groups: distinguished name of the group; email address; distinguished name of the domain; SAM account; distinguished names of other groups to which the user belongs; user SID; group GUID.

b. Windows domain polling:

• Name of the Windows domain or workgroup

• Device NetBIOS name

• DNS domain and DNS name of the device

• Device name and description

• Device visibility in the network

• Device IP address

• Device type: workstation, server, SQL Server, domain controller

• Type of the operating system installed on the device

• Version of the device’s operating system

• Time the information about the device was last updated

• Time the device was last visible in the network

c. IP range polling:

• Device IP address

• DNS name or NetBIOS name of the device

• Device name and description

• Device MAC address

• Time the device was last visible in the network

2. Details of managed devices.

Network Agent transfers the data listed below from the device to Administration Server. The user enters the display name and description of the device in the Kaspersky Security Center Cloud Console interface:

a. Technical specifications of the managed device and its components required for device identification:

• Display name (generated on the basis of the NetBIOS name, can be modified manually) and description of the device (entered manually)

• Name of the Windows domain or workgroup: Windows NT domain / Windows workgroup

• Device name in the Windows environment

• DNS domain and DNS name of the device

• Device IP address

• Device subnet mask

• Device network location

• Device MAC address

• Type of the operating system installed on the device

• Whether the device is a virtual machine, hypervisor type

• Whether the device is a dynamic virtual machine in Virtual Desktop Infrastructure (VDI)

• Device GUID

• Network Agent instance ID

• Network Agent installation settings

• Network Agent permanent ID

b. Other specifications of managed devices and their components required for audit of managed devices and for making decisions about whether specific patches and updates are applicable:

• Windows Update Agent (WUA) status

• Operating system architecture

• Operating system vendor

• Operating system build number

• Operating system release ID

• Operating system location folder

• If the device is a virtual machine—the virtual machine type

• Device response waiting time

• Whether Network Agent is running in stand-alone mode

c. Detailed information about the activity on managed devices:

• Date and time of the last update

• Date and time the device was last visible in the network

• Whether the restart waiting status is "Restart is required”

• Time the device was turned on

d. Details of device user accounts and their work sessions.

e. Distribution point operation statistics if the device is a distribution point:

• Date and time the distribution point was created

• Work folder name

• Work folder size

• Number of synchronizations with the Administration Server

• Date and time the device last synchronized with the Administration Server

• Number and total size of transferred files

• Number and total size of files downloaded by clients

• Volume of data downloaded by clients using Transmission Control Protocol (TCP)

• Volume of data sent to clients using multicasting

• Volume of data downloaded by clients using multicasting

• Number of multicast distributions

• Total volume of multicast distribution

• Number of synchronizations with clients after the last synchronization with the Administration Server

3. Details of Kaspersky applications installed on the device.

The managed application transmits the following types of data from the device to the Administration Server using Network Agent:

a. Managed applications and Kaspersky Security Center Cloud Console components installed on the device.

b. Settings of the Kaspersky applications installed on the managed device:

• Name and version of Kaspersky Lab applications

• Status

• Real-time protection status

• Last device scan date and time

• Number of threats detected

• Number of objects that failed to be disinfected

• Tasks for the Kaspersky security application

• Availability and status of the Kaspersky application components

• Time of the last update and version of anti-virus databases

• Details of Kaspersky application settings

• Information about the active license key

• Information about the reserve license key

• Application installation date

• Application installation ID

c. Application operation statistics: events related to the changes in the status of Kaspersky application components on the managed device and to the performance of tasks initiated by the application components.

d. Device status defined by the Kaspersky Lab application.

e. Tags assigned by the Kaspersky Lab application.

f. Set of installed and applicable updates for the Kaspersky application:

• Display name, version, and language of the application

• Internal name of the application

• Application name and version from the registry key

• Application installation folder

• Patch version

• List of installed application autopatches

• Whether the application is supported by Kaspersky Security Center

• Whether the application is installed on a cluster

g. Information about data encryption errors on devices: error ID, time of occurrence, operation type (encryption / decryption), error description, file path, description of encryption rule, device ID, and user name.

4. Events of Kaspersky Security Center Cloud Console components and Kaspersky managed applications.

Network Agent transfers data from the device to the Administration Server.

The description of an event can contain the following data:

• Device name

• Device user name

• Name of the administrator who connected to the device remotely

• Name, version, and vendor of the application installed on the device

• Path to the application installation folder on the device

• Path to the file on the device and file name

• Application name and command-line parameters under which the application was run

• Patch name, patch file name, patch ID, level of the vulnerability fixed by the patch, description of the patch installation error

• Device IP address

• Device MAC address

• Device restart status

• Name of the task that published the event

• Whether the device switched to stand-alone mode and reason for switching

• Information about the incident on the device: incident type, incident name, severity level, incident description, incident details transmitted by the Kaspersky application

• Size of free disk space on the device

• Whether the Kaspersky application is running in limited functionality mode, IDs of functional scopes

• Old and new value of the Kaspersky application setting

• Description of the error that that occurred when the Kaspersky application or any of its components performed the operation

5. Settings of Kaspersky Security Center Cloud Console components and Kaspersky managed applications presented in policies and policy profiles.

The User enters data in the Kaspersky Security Center Cloud Console interface.

6. Task settings of Kaspersky Security Center Cloud Console components and Kaspersky managed applications.

The User enters data in the Kaspersky Security Center Cloud Console interface.

7. Data processed by the Vulnerability and Patch Management feature.

Network Agent transfers the following types of data from the device to the Administration Server:

a. Details of applications and patches installed on managed devices (Applications registry). Identification of applications is possible based on information about executable files detected by the Application Control feature on managed devices:

• Application / patch ID

• Parent application ID (for a patch)

• Application / patch name and version

• Whether the application / patch is an MSI file

• Application / patch vendor

• Localization language ID

• Application / patch installation date

• Application installation path

• Technical Support website of the application / patch vendor

• Technical Support phone number

• ID of the installed application instance

• Comment

• Uninstallation key

• Key for installation in silent mode

• Patch classification

• Web address for additional information about the patch

• Registry key of the application

• Application build number

• User SID

b. Information about the hardware detected on managed devices (Hardware registry): 

• Device ID

• Device type: Motherboard, CPU, RAM, Mass storage device, Video adapter, Sound card, Network interface controller, Monitor, Optical disc drive

• Device name

• Description

• Vendor

• Serial number

• Revision

• Information about the driver: developer, version, description, release date

• Information about BIOS: developer, version, serial number, release date

• Chipset

• Clock rate

• Number of CPU cores

• Number of CPU threads

• CPU platform

• Storage device rotation speed

• RAM: type and inventory number

• Video memory

• Sound card codec

c. Details of vulnerabilities in third-party software detected on managed devices:

• Vulnerability ID

• Vulnerability severity level: Warning, High, Critical

• Vulnerability type: Microsoft, Third-party developer

• Web address of the page on which the vulnerability is described

• Time the vulnerability entry was created

• Vendor name

• Vendor localized name

• Vendor ID

• Application name

• Application localized name

• Application installation code

• Application version

• Application localization language

• List of CVE identifiers from the vulnerability description

• Kaspersky protection technologies blocking the vulnerability: File Threat Protection, Behavior Detection, Web Threat Protection, Mail Threat Protection, Host Intrusion Prevention, ZETA Shield

• Path to the object file in which the vulnerability was detected

• Vulnerability detection time

• IDs of the Knowledge Base articles from the vulnerability description

• IDs of the security bulletins from the vulnerability description

• List of updates for the vulnerability

• Whether an exploit exists for the vulnerability

• Whether malware exists for the vulnerability

d. Details of updates available for third-party applications installed on managed devices:

• Application name and version

• Vendor

• Application localization language

• Operating system

• List of patches according to installation sequence

• Original version of the application to which the patch is applied

• Application version after patch installation

• Patch ID

• Build number

• Installation flags

• License Agreements for the patch

• Whether patch installation is a prerequisite for installation of other patches

• List of required installed applications and their updates

• Sources of information about the patch

• Additional information about the patch: addresses of web pages

• Web address for patch download, file name, version, revision, and SHA-256

e. Details of Microsoft updates found by the Windows Server Update Services (WSUS) feature:

• Update revision number

• Microsoft update type: Driver, Application, Category, Detectoid

• Update importance level according to the Microsoft Security Response Center (MSRC) bulletin: Low, Medium, High, Critical

• IDs of the MSRC security bulletins related to the update

• IDs of articles in the MSRC Knowledge Base

• Update name (header)

• Update description

• Whether the update installer is interactive

• Installation flags

• Update classification: Critical Updates, Definition Updates, Drivers, Feature Packs, Security Updates, Service Packs, Tools, Update Rollups, Updates, Upgrade

• Information about the application to which the update is applied

• End User License Agreement (EULA) ID

• EULA text

• Whether the EULA must be accepted for update installation

• Information about the associated updates (ID and revision number)

• Update ID (Global Microsoft Windows update identity)

• IDs of superseded updates 

• Whether the update is hidden

• Whether the update is mandatory

• Update installation status: Not applicable, Not assigned for installation, Assigned, Installing, Installed, Failed, Restart is required, Not assigned for installation (new version)

• CVE IDs for the update

• Company that released the update, or the "Company missing” value

f. List of Microsoft updates found by the WSUS feature that must be installed on the device.

8. Information about executable files detected on managed devices by the Application Control feature (may be associated with information from the Applications registry). A full list of data is given in the section that describes data for devices managed through the corresponding application.

The managed application transfers data from the device to Administration Server through Network Agent.

9. Information about files placed in Backup. A full list of data is given in the section that describes data for devices managed through the corresponding application.

The managed application transfers data from the device to Administration Server through Network Agent.

10. Information about files requested by Kaspersky specialists for detailed analysis. A full list of data is given in the section that describes data for devices managed through the corresponding application.

The managed application transfers data from the device to Administration Server through Network Agent.

11. Information about the status and triggering of Adaptive Anomaly Control rules. A full list of data is given in the section that describes data for devices managed through the corresponding application.

The managed application transfers data from the device to Administration Server through Network Agent.

12. Information about devices (memory units, information transfer tools, information hardcopy tools, and connection buses) installed or connected to the managed device and detected by the Device Control feature. A full list of data is given in the section that describes data for devices managed through the corresponding application.

The managed application transfers data from the device to Administration Server through Network Agent.

13. Details of the entered activation codes.

The User enters data in the Kaspersky Security Center Cloud Console interface.

14. User accounts.

The User enters the data listed below in the Kaspersky Security Center Cloud Console interface:

a. Name

b. Description

c. Full name

d. Email address

e. Main phone number

f. Password

15. Revision history of the following management objects: Administration Server, Administration group, Policy, Task, User / security group, Installation package.

The User enters data in the Kaspersky Security Center Cloud Console interface.

16. Registry of deleted management objects.

The User enters data in the Kaspersky Security Center Cloud Console interface.

17. Installation packages created from the file, as well as installation settings.

The User enters data in the Kaspersky Security Center Cloud Console interface.

18. Kaspersky Security Center Cloud Console user settings.

The User enters the data listed below in the Kaspersky Security Center Cloud Console interface:

a. User interface localization language

b. User interface theme

c. Display settings of the monitoring panel

d. Information about the status of notifications: Already read / Not yet read

e. Status of columns in spreadsheets: Show / Hide

f. Tutorial progress

19. Data that the User enters in the Kaspersky Security Center Cloud Console interface:

a. Administration group name when creating a hierarchy of administration groups

b. Email address when configuring email notifications

c. Tags for devices and tagging rules

d. Tags for applications

e. User categories of applications

f. Role name when assigning a role to a user

g. Information about subnets: subnet name, description, address, and mask

h. Settings of reports and selections

i. Any other data entered by the User

20. Data received from a slave Administration Server deployed on-premises.

When connecting a Kaspersky Security Center Administration Server deployed on-premises as a slave in relation to Kaspersky Security Center Cloud Console, Kaspersky Security Center Cloud Console processes the following types of data from the slave Administration Server:

a. Information about the devices in the organization’s network received as a result of device discovery in the Active Directory network or Windows network, or through scanning of IP intervals 

b. Information about the Active Directory organizational units, domains, users, and groups received as a result of Active Directory network polling 

c. Information about managed devices, their technical specifications, including those required for device identification, accounts of device users and their working sessions 

d. Information about mobile devices transferred by using the Exchange ActiveSync protocol

e. Information about mobile devices transferred by using the iOS MDM protocol

f. Details of Kaspersky applications installed on the device: settings, operation statistics, device status defined by the application, installed and applicable updates, tags

g. Information transferred with event settings from Kaspersky Security Center components and Kaspersky managed applications

h. Settings of Kaspersky Security Center components and Kaspersky managed applications presented in policies and policy profiles

i. Task settings of Kaspersky Security Center components and Kaspersky managed applications 

j. Data processed by the Vulnerability and Patch Management feature: details of applications and patches; information about the hardware; details of vulnerabilities in third-party software detected on managed devices; details of updates available for third-party applications; details of Microsoft updates found by the WSUS feature

k. User categories of applications 

l. Details of executable files detected on managed devices by the Application Control feature

m. Details of files placed in Backup 

n. Details of files placed in Quarantine 

o. Details of files requested by Kaspersky specialists for detailed analysis 

p. Information about the status and triggering of Adaptive Anomaly Control rules 

q. Details of devices (memory units, information transfer tools, information hardcopy tools, and connection buses) installed or connected to the managed device and detected by the Application Control feature 

r. Encryption settings of the Kaspersky application: repository of encryption keys, device encryption status

s. Information about the errors of data encryption performed on devices using the Data encryption feature of Kaspersky applications 

t. List of managed programmable logic controllers (PLCs) 

u. Details of the entered activation codes 

v. User accounts 

w. Revision history of management objects 

x. Registry of deleted management objects

y. Installation packages created from the file, as well as installation settings

z. Kaspersky Security Center Web Console user settings

aa. Any data that the User enters in the Administration Console or Kaspersky Security Center Web Console interface

bb. Certificate for secure connection of managed devices to the Kaspersky Security Center components

21. Information uploaded from the managed device when using the Remote Diagnostics feature: diagnostic files (dump files, log files, trace files, etc.) and data contained in those files.

Data for devices managed through Kaspersky Endpoint Security 11 for Windows

The managed application transfers data from the device to Administration Server through Network Agent.

Settings of the Kaspersky application installed on the managed device:

1. Information about the anti-virus databases used in the application: 

a. List of anti-virus database categories required for the application 

b. Date and time the currently used anti-virus databases were released and downloaded to the application 

c. Number of records in the currently used anti-virus databases 

2. Information about the licenses used by the application: 

a. License serial number and type 

b. Validity period in days 

c. Number of devices for which the license was issued 

d. License generation and expiration dates 

e. License status 

f. Date and time the application was last successfully synchronized with the activation servers, if the application had been activated using an activation code 

g. ID of the application to which the license was provided 

h. Available functionality; name of the organization to which the license was provided 

i. Additional information in case the subscription license is used (subscription license criterion, expiration date and number of days available for subscription license renewal, web address of the subscription license provider, current status and cause for assuming this status), date and time the application was activated on the device 

j. Date and time the license is set to expire on the device

3. Criterion and cause of required device restart, as well as the time of the issue that made the restart necessary.

4. Information about application updates: 

a. List of updates that must be installed or deleted; update release date and presence of Critical status 

b. Name, version, and brief description of the update 

c. Link to the article on the Kaspersky website with a detailed description of the update 

d. Text of the EULA of the update 

e. Criterion of update deletion possibility 

f. Version of the application policy and plug-in 

g. Web address for download of the application plug-in 

h. Names of the installed application updates, their installation version and date 

i. Error code and description if the update installation or deletion returned an error 

5. List of tags assigned to the device. 

6. List of device statuses and their causes.

7. Encryption status, as well as key length and algorithm of the currently used cryptographic module.

8. General status of the application and status of all its components; information about conformance with policy; real-time protection status.

9. Date and time of the last scan of the device, number of objects scanned; number of malicious objects detected; number of objects blocked, deleted, and disinfected; number of objects that failed to be disinfected; number of scan errors; number of network attacks detected.

10. Information about currently applied application settings; current status and performance results of group and local tasks, as well as values of their settings. 

11. Information about executable files detected on the device: 

a. File name, path, type, and hash 

b. Date and time of the first run 

c. Information from the VersionInfo file: file version, application name and version, organization 

d. Trust group to which the application belongs 

e. List of categories to which the application belongs 

f. Details of certificate with which the application was signed: serial number, fingerprint, publisher, subject, publishing date, expiration date, and public key

12. Information about external devices connected to the client devices: ID, name, class, vendor, description, serial number, and VID/PID. 

13. Information about files placed in Backup (name, path, object size and type, object description, name of detected threat, version of the anti-virus databases with which the threat was detected, date and time of object placement in Backup), as well as the files themselves, upon a request from the administrator.

14. Information about files requested by Kaspersky experts for detailed analysis (name, path, object size and type, object description, date and time of file request processing), as well as the files themselves, upon a request from the administrator.

15. Details of the triggering of Adaptive Anomaly Control rules: 

a. Rule ID and name 

b. Number of rule triggers 

c. Name and SID of the user on whose behalf the process was initiated 

d. Description of the suspicious activity source 

e. Description of the object that suspicious activity is aimed at

16. Information about the status of Adaptive Anomaly Control rules: 

a. Rule ID and name 

b. Number of rule triggers 

c. Rule status: Off, Smart Training state, Block state, Smart Block state, Notify state 

d. Training progress

17. Information about the operation of each application component and about the performance of each task presented as events: 

a. Date and time the event occurred 

b. Event name and type 

c. Importance level

d. Name of the task or application component in whose operation the event occurred 

e. Information about the third-party application that caused the event (third-party application name, path to the file on disk, process ID, values of settings in case an event of the application startup or modification of the application settings is published, as well as information about the attacked software module in case self-defense detected an attack) 

f. Name and type (System, Active, Event originator) of the user whose actions caused the event occurrence 

g. Object or action processing result (description, type, name, severity level and precision, file name and type of the operation performed on the device, and the application’s decision on this operation) 

h. Object details (object name and type, path to the object on disk, file version, size, as well as third-party application name and vendor name in case of Application Control events) 

i. Information about the performed action 

j. Description of the event occurrence origin 

k. Connection details: protocol, status, remote address and port, local address and port, zone 

l. Device details: vendor name, device name, path, device type, bus type, ID, VID/PID 

m. Details of the category to which the object belongs and source of categorization 

n. Details of the certificate with which the object has been signed: certificate publisher, subject, and fingerprint

o. Details of the triggered Application Control rule (name and type) and result of its application 

p. Information about temporary access provided: provision date, time, and duration 

q. Information about active and blocked connections: name, description, and type

r. Details of the requested web address 

18. Details of the triggered Web Control rule: rule name, content category and its source, address mask. 

19. Release date of downloaded updates of anti-virus databases. 

20. Details of the module in events related to the integrity check task operation (type, name, and path on disk) and its check results.

Data for devices managed through Kaspersky Endpoint Security 11 for Linux

The managed application transfers data from the device to Administration Server through Network Agent.

Settings of the Kaspersky application installed on the managed device:

1. Information about the anti-virus databases used in the application: 

a. List of anti-virus database categories required for the application 

b. Date and time the currently used anti-virus databases were released and downloaded to the application 

c. Number of records in the currently used anti-virus databases 

2. Information about the licenses used by the application: 

a. License serial number and type 

b. License validity period (in days) 

c. Number of devices that the license covers 

d. License generation date and validity period expiration date 

e. License status 

f. Date and time of the last successful synchronization with activation servers (if the application was activated by using an activation code) 

g. ID of the application for which the license was provided; available functionality 

h. Name of the company for which the license was provided 

i. Additional information in case the subscription is used (subscription criterion, expiration date and number of days available for subscription renewal, web address of the subscription provider, current status and reason for assigning this status), date and time the application was activated on the device 

j. Date and time the license is set to expire on the device

3. Criterion and reason for required restart of the device or application during the application update.

4. Information about application updates: 

a. List of updates that must be installed or deleted 

b. Update release date and presence of Critical status 

c. Name, version, and brief description of the update 

d. Link to the article with a detailed description of the update 

e. Text of the EULA of the update 

f. Criterion of update deletion possibility; version of the policy and plug-in of the managed application 

g. Web address for download of the plug-in of the managed application 

h. Names of the installed application updates, their installation version and date 

i. Error code and description if the update installation or deletion returned an error 

5. List of tags assigned to the device, list of device statuses and their causes.

6. General status of the application and status of all its components; information about conformance with policy, real-time protection status.

7. Date and time of the last scan of the device, number of objects scanned; number of malicious objects detected; number of objects blocked, deleted, and disinfected; number of objects that failed to be disinfected; number of scan errors; number of network attacks detected.

8. Information about currently applied application settings. 

9. Current status and performance results of group and local tasks, as well as values of their settings. 

10. Information about external devices connected to the client devices: ID, name, class, vendor, description, serial number, and VID/PID. 

11. Information about files placed in Backup (name, path, object size and type, object description, name of the detected threat, version of the anti-virus databases with which the threat was detected, date and time of object placement in Backup, actions (delete, restore) performed on the object in Backup), as well as the files themselves, upon a request from the administrator.

12. Information about the operation of each application component and about the performance of each task presented as events: 

a. Date and time when the event occurred 

b. Event name and type 

c. Importance level 

d. Name of the task or application component in whose operation the event occurred 

e. Information about the application that triggered the event: application name, path to the file on disk, process ID, values of settings in case an event of the application startup or modification of the application settings is published 

f. User ID 

g. Name of the originator (task scheduler, or application, or Kaspersky Security Center, or name of the user who performed the action) whose actions led to the event occurrence 

h. Name and ID of the user who initiated access to the file 

i. Object or action processing result: description, type, name, severity level and precision, file name and type of the operation performed on the device, and the application’s decision on this operation 

j. Object details (object name and type, path to the object on disk, object version, size, information about the performed action, description of the event occurrence origin, description of the reason for the non-processing and skipping of the object); device details: vendor name, device name, path, device type, bus type, ID, VID/PID 

k. Information about device locking and unlocking; information about blocked connections: name, description, device name, protocol, remote address and port, local address and port, packet rules, actions 

l. Details of the requested web address 

m. Details of detected objects 

n. Detection type and method 

o. Details of anti-virus databases: release date of downloaded updates of anti-virus databases, information about the application of databases, errors in the application of anti-virus databases, information about the cancellation of installed updates of anti-virus databases 

p. Details of encryption detection: encoder name, name of the device on which encryption was detected, information about device locking and unlocking 

q. Application settings and network settings 

r. Information about KSN (accepted agreements, modes, errors)

13. Information about the user role: 

a. Name and ID of the user who initiated the user role modification

b. User role

c. Name of the user who was assigned or revoked the role.

Data for devices managed through Kaspersky Endpoint Security 11 for Mac

The managed application transfers data from the device to Administration Server through Network Agent.

Settings of the Kaspersky application installed on the managed device:

1. Information about the anti-virus databases used in the application: 

a. List of anti-virus database categories required for the application 

b. Date and time the currently used anti-virus databases were released and downloaded to the application 

c. Number of records in the currently used anti-virus databases 

2. Information about the licenses used by the application: 

a. License serial number and type 

b. License validity period (in days) 

c. Number of devices for which the license was provided 

d. License generation date and validity period expiration date 

e. License status 

f. Date and time the application was last successfully synchronized with the activation servers, if the application had been activated using an activation code 

g. ID of the application to which the license was provided 

h. Available functionality 

i. Name of the company for which the license was provided 

j. Additional information in case subscription is used (subscription criterion, expiration date and number of days available for subscription renewal, web address of the subscription provider, current status and cause for assuming this status), date and time the application was activated on the device 

k. Date and time the license is set to expire on the device

3. Criterion and cause of required device restart, as well as the time of the issue that made the restart necessary.

4. Encryption status.

5. General status of the application and status of all its components; information about conformance with policy, real-time protection status.

6. Date and time of the last scan of the device, number of objects scanned; number of malicious objects detected; number of objects blocked, deleted, and disinfected; number of objects that failed to be disinfected; number of scan errors; number of network attacks detected.

7. Information about currently applied application settings; current status and performance results of group and local tasks, as well as values of their settings. 

8. Information about files placed in Backup (name, path, object size and type, object description, name of detected threat, version of the anti-virus databases with which the threat was detected, date and time of object placement in Backup), as well as the files themselves, upon a request from the administrator.

9. Information about the operation of each application component and about the performance of each task presented as events: 

a. Date and time when the event occurred 

b. Event name and type 

c. Importance level 

d. Name of the task or application component in whose operation the event occurred 

e. Information about the application that triggered the event: application name, path to the file on disk, process ID 

f. Name and type (System, Active, Event originator) of the user whose actions caused the event occurrence 

g. Object or action processing result: description, type, name, severity level and precision, file name and type of the operation performed on the device, and the application’s decision on this operation 

h. Object details: object name and type, path to the object on disk, object version, size 

i. Information about the performed action 

j. Description of the event occurrence origin; connection details: protocol, status, remote address and port, local address and port, zone 

k. Details of the category to which the object belongs and source of categorization 

l. Details of the certificate with which the object has been signed: certificate publisher, subject, and fingerprint 

m. Information about active and blocked connections: name, description, and type 

n. Details of the requested web address 

10. Details of the triggered Web Control rule: rule name, content category and its source, address mask.

11. Release date of downloaded updates of anti-virus databases. 

12. Details of the module in events related to the integrity check task operation (type, name, and path on disk) and its check results.

Data for devices managed through Kaspersky Endpoint Agent

The managed application transfers data from the device to Administration Server through Network Agent.

Settings of the Kaspersky application installed on the managed device:

1. Information about the application, the device, the license, and the updates:

a. Time when the application was installed and last modified

b. Display name of the application

c. Application version with build number

d. Information about the current license key:

• License key type (Commercial, Beta, Trial, Test, OEM)

• License key period in days

• License keys total

• License key serial number

• License key creation date and time

• Date and time when the license key lifetime ends

• Application version

• Names of applications

• Application suite identifier (ID)

• Application ID

• Technical support provision mode

• Name of the organization to which the license is provided

• License type

• Date when subscription expires or enters into the grace period

• Type of subscription end date

• Period (in days) when subscription user has to renew the subscription

• Web address of the subscription provider

• Current subscription state

• Reason for subscription state change

• Date and time of installation of the license key

• Date and time of expiration of the license key

• Whether the license key is installed automatically

• Number of licensed units

• Whether the license key is currently inactive (pending)

e. Set of critical updates in order of installation

f. Localized display name of the critical update

g. Localization-independent ID of the critical update

h. Set of strings that act as the device tags

i. Set of updater parameters used for retranslation of application updates

j. Relative path to the updater root index

k. Root index type

l. Whether the updater filtering is applied

m. Information about the statuses of all application components

2. Data on the Quarantine network list:

a. Unique identifier (UID) of the quarantined object

b. Status of the quarantined object

c. Time when the object was quarantined

d. Threat name passed in the assessment

e. Size of the quarantined object in bytes

f. Folder to which the object is restored

g. User in whose name the Add to Quarantine task was started

h. Information about the application that quarantined the object and about the application that made the assessment

i. Status of object processing by the application

j. Information about the method of placing the object in Quarantine

k. Quarantined object

3. Data for building Kaspersky Endpoint Agent Killchain (in the network list or in the GUI call):

a. Main data:

• Date and time of the incident

• Name of the detect

• Scan mode

• Status of the last action related to the detect

• Failure reason

• Type of the detected object

• Name of the detected object

• Status of the threat after the actions of anti-virus protection

• Reason why the actions were not performed

• Actions of  Kaspersky Endpoint Security related to the rollback of changes

o. Information about the processed object:

• UID of the process, parent process, and process file

• Windows process ID (Windows PID)

• Command line of the process

• Name of the user who started the process

• ID of the logon session in which the process was started

• Type of the session in which the process was started

• Integrity level of the processed process

• Whether the user who started the process is included in any privileged local and domain groups

• ID and full name of the processed object

• ID of the protected device

• Date and time of the event

• Full name (for a file on the hard drive) or download web address (for a file from the network)

• Hash of the processed object

• Type of the processed object

• Date the processed object was created and date it was last modified

• Size of the processed object

• Attributes of the processed object

• Authority that signed the processed object

• Result of verification of the certificate of the processed object

• Security ID (SID) of the creator of the processed object

• ZoneIdentifier parameter of the processed object

• Web address of the download of the processed object (only for a file on the hard disk)

• Name and hash of the application that downloaded the file and the application that last modified the file

• Number of runs of the processed object

• Date and time of the first run of the processed object

• UID of the file

• Path to the processed register variable

• Name, value, and type of the processed register variable

• Whether an automatic startup location exists for the processed register key

• Web address of the processed web request

• HTTP referer header of the processed web request

• User-Agent header of the processed web request

• Method of the processed web request

• Local IP address and port of the processed web request

• Remote IP address and port of the processed web request

• Connection direction of the processed web request

• ID of the process into which code was injected

4. Data on application events published in Kaspersky Security Center:

a. Data on Quarantine events:

• Object name

• Status and ID of the quarantined object

b. Data on licensing events:

• License serial number or license ID

• Code and reason of the activation error

• User name

c. Data on update events:

• Update error reason

d. Data on prevention and response events:

• PID of the processed object

• Path to the processed object

• Path to the blocked document

• OS ID

• Name and result of the IOC Scan task

• Name of the processed object

5. Results of the IOC Scan task:

a. IP address and physical address from the ARP table

b. Name and type of DNS resource record

c. IP address

d. Record ID and name of the data source in the event log

e. Name of the event log

f. User name

g. Event time

h. Hash, full name, and size of the file

i. Remote IP address and port connected at the moment of scan

j. Local adapter IP address

k. Port open on local adapter

l. Protocol as a number

m. Process name

n. Process arguments

o. Path to the process file

p. Windows PID of the process and parent process

q. Name of the user in whose name the process was initiated

r. Date and time of process start

s. Service name and description

t. Path and name of the service DLL (for svchost)

u. Path and name of the executable file of the service

v. Windows PID, type, status, and start mode of the service

w. User name

x. Volume label, letter, and type

y. Windows Registry value

z. Registry hive value

aa. Path to the registry key

bb. Registry parameter

cc. Physical address of the device

dd. Name and version of operating system

ee. Network name of the device

ff. Domain or workgroup

6. Application settings:

a. Application policy settings:

• Information about Quarantine: 

• Path to the Quarantine folder

• Whether the check of the limit on the total size of files in Quarantine is enabled 

• Maximum size of files in Quarantine

• Whether the check of the limit on the threshold of free space in Quarantine is enabled

• Threshold of free space in Quarantine

• Folder for restoring the objects

• Network isolation settings:

• Whether network isolation is enabled for the device

• Whether the custom timer disabling the network isolation is enabled

• Whether the display of the message informing the end user of the enabling of network isolation is enabled

• Time period after which network isolation must be disabled

• Network profile name

• Extended description of the network profile

• List of allow rules

• Parameters of the network isolation exclusion rule (traffic flow direction; use the protocol; network protocol ID; use the local port; local port number; use the remote port; remote port number; use the local IP address; local IP address; use the remote IP address; remote IP address; use the application that initiated the connection; path to the executable file of the application that initiated the connection)

• Tracing and dump file settings:

• Whether the tracing is enabled

• Name of the folder in which trace files must be created

• Whether the dump file creation is enabled

• Name of the folder in which the dump file must be created

• Settings of rights for management of the application and service:

• Security descriptor for rights for managing the soyuz.exe service and the application

• Self-defense and password protection settings:

• Whether the self-defense features are enabled

• Whether the password protection is enabled

• Hash sum of the password specified by the user

• Salt used for password encryption

• Settings of Kaspersky Security Network (KSN) usage:

• Whether Private Kaspersky Security Network (KPSN) is used

• Whether the user accepted the terms of the KSN Statement and the Kaspersky Managed Protection (KMP) Statement

• Whether KMP and KSN are enabled

• Settings of proxy usage:

• Whether a proxy server is used for download of application updates

• Proxy server address

• Port on which the proxy server is configured

• Proxy server authentication type

• Login and password for proxy server authentication

• Whether the proxy server is used for local addresses

• Settings of data transfer to Kaspersky Security Center:

• Whether data is transmitted in a network list to build Killchain in Kaspersky Security Center

• Whether data of quarantined objects in Kaspersky Security Center is transmitted in a network list

• Settings of use of Kaspersky Security Center as activation proxy:

• Whether Kaspersky Security Center is used as activation proxy

• Settings of prevention of the startup of applications and scripts and the opening of documents:

• Whether the prevention rules are enabled or disabled

• Whether the display of the message informing the end user of startup prevention is enabled or disabled

• Execution mode of prevention rules

• Object type (executable, script, or document) to which the rule will be applied

• Whether the hash of the object is used as a rule triggering criterion, and hash value required for triggering of the rule

• Whether the path template in the path_pattern parameter is interpreted as case-insensitive

• Settings of policy type:

• Currently used policy type (MDR, EDR, or KSB)

b. Task settings:

• IOC Scan task settings

• Whether the analysis of data on processes is enabled during the IOC Scan task

• Whether the analysis of data on executable files is enabled during the IOC Scan task

• Whether the analysis of data of Windows Registry is enabled during the IOC Scan task

• Whether the analysis of data on volumes on the device is enabled during the IOC Scan task

• Whether the analysis of data on services running on the device is enabled during the IOC Scan task

• Whether the analysis of data of Windows log is enabled during the IOC Scan task

• Whether the analysis of data of user accounts is enabled during the IOC Scan task

• Whether the analysis of data on ports is enabled during the IOC Scan task

• Whether the analysis of data of ARP entries is enabled during the IOC Scan task

• Whether the analysis of system data is enabled during the IOC Scan task

• Whether the analysis of data of DNS entries is enabled during the IOC Scan task

• Path to the folder or IOC file with the .ioc or .xml extension that you want to scan

• Whether the automatic response to the results of the IOC Scan task is enabled

• Whether a push notification must be sent to Endpoint Protection Platform (EPP) by Kaspersky Endpoint Agent to start the local task of critical areas scan on the device

• Whether network isolation must be enabled (by means of Kaspersky Endpoint Agent) on the device where the IOC was detected

• Whether the use of the predefined scan area is enabled for the RegistryItem IOC document

• Names of the Windows Registry branches to scan

• Whether the analysis of data on process memory sections is enabled during the IOC Scan task

• Whether the analysis of data on the PE headers of modules loaded to process memory is enabled during the IOC Scan task

• Whether the analysis of data on import from the PE headers of modules loaded to process memory is enabled during the IOC Scan task

• Whether the analysis of data on export from the PE headers of modules loaded to process memory is enabled during the IOC Scan task

• Whether the process scan area is limited: the full path to the executable file of the process for which data must be analyzed is specified

• Full path to the executable file of the process for which data must be analyzed

• List of names of Windows Event Log channels (logs) for which the IOC Scan task must be performed

• Whether the use of storage time of a Windows Event Log event is enabled when defining the IOC Scan task area for the corresponding IOC document

• Whether specifying the publishing date and time is available for a Windows Event Log event

• Whether the file hash calculation is enabled during the IOC Scan task

• Whether the analysis of data on sections in the PE headers of files is enabled during the IOC Scan task

• Whether the analysis of data from the PE headers of files is enabled during the IOC Scan task

• Whether the analysis of data of imported functions in the PE headers of files is enabled during the IOC Scan task

• Whether the analysis of data of exported functions in the PE headers of files is enabled during the IOC Scan task

• Whether the analysis of data on Resource-type sections in the PE headers of files is enabled during the IOC Scan task

• Whether the analysis of data from the VersionInfo resource of files is enabled during the IOC Scan task

• List of areas where Kaspersky Endpoint Agent analyzes data to check the device for compliance with the terms of the FileItem IOC document

• List of custom areas (path masks)

• Whether the data analysis is limited to the specified area

• Path to the folder with the files for which data must be analyzed

• Whether the use of exclusions from the IOC Scan task area is enabled or disabled

• List of paths of exclusions

• Settings of Quarantine:

• Full path to the file that must be placed in Quarantine, or path to the folder with the file

• Whether the deletion of the original copy of a file from disc after the file is quarantined is enabled

• Hashing algorithm to calculate the checksum of the target file

• Checksum of the target file

• Path at which the object must be restored from Quarantine

• Type of the path at which the object must be restored

• Action that must be performed by Kaspersky Endpoint Agent if a file with the same name already exists at the specified path

• Numeric and string UID of the quarantined object

• Whether the deletion of the file from Quarantine after it is restored can be enabled

• Settings of deletion of the specified object:

• Full path to the file that must be deleted [or] path to the folder(s) with the file(s) that must be deleted

• Hashing algorithm

• Checksum of the target file

• Whether the use of subfolders for the path parameter is enabled

• Settings of database and module updating:

• Type of update source

• List of custom update sources

• Whether Kaspersky update servers are used when custom sources are inaccessible

• Whether proxy settings are applied when accessing Kaspersky update servers

• Whether only the databases must be updated through the task

• Whether proxy settings are applied when accessing custom sources

• Whether only the modules must be updated through the task

• Whether the automatic downloading and applying of critical patches are enabled

• Whether the operating system is automatically restarted by means of Kaspersky Endpoint Agent

• Whether the events of new planned patches are published by Kaspersky Endpoint Agent

• Application activation settings:

• Key file

• Whether the license key is used as the reserve license key

c. Schedule settings:

• Whether the scheduled startup of the task is enabled or disabled

• Start date for the schedule that has been set

• Whether the option to stop using the schedule after the specified date is enabled or disabled

• Mode of task startup frequency

• Value for task startup frequency units

• Days of week when the task must be started

• Time of the day down to the level of seconds when the task must be started

• Whether the artificial limit of task duration is enabled

• Duration that must be assigned to the task by force

• Whether the startup of missed tasks is enabled

• Whether the randomization of task start time is enabled

• Period of task startup randomization

d. Settings of startup impersonation:

• Whether the task startup impersonation is enabled

• Login of the account under which the task must be started

• Encrypted copy of the password of the account under which the task must be started

1.5. Technical support. Kaspersky Lab will have access to and process the User Data to provide technical support service. User Data will be used only for the purpose of providing support, including purposes necessary to and consistent with providing support, such as troubleshooting recurring issues and making improvements to support and/or to the Product.

Technical support service and its rules are located at: https://support.kaspersky.com.

2. Security

2.1. Kaspersky Lab has implemented and will maintain and adhere to the following security measures for the Product, which are Kaspersky Lab’s only responsibility with respect to the security of User Data:

Organization of Information Security

1. There have been appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures.

2. Personnel with access to User Data are subject to confidentiality obligations.

3. There has been performed a risk assessment before processing the User Data or launching the services.

Asset Management

4. Inventory of all assets (which User Data is stored) is maintained. Access to inventories of such media is restricted to personnel authorized to have such access.

5. User Data is classified to help identify it and to allow for access to it to be appropriately restricted.

6. It is required to obtain special authorization prior to storing User Data on portable devices, remotely accessing User Data, or processing User Data outside company facilities.

Human Resources Security

7. Kaspersky Lab informs its personnel about relevant security procedures and their respective roles.

8. Kaspersky Lab also informs its personnel of possible consequences of breaching the security rules and procedures.

9. Kaspersky Lab performs training about personal data security.

Physical and Environmental Security

10. Kaspersky Lab limits access to facilities where information systems that process User Data are located to identified authorized inpiduals:

• 7x24 security service is provided by security guards

• Perimeter access is controlled by Electronic Access Card System

• Turnstile is used with proximity card at all entrance points

• Employees must wear the Kaspersky Lab badge

• Visitors are registered and they must wear visitor badges; visitors are accompanied during their visit

• All perimeter access and secure areas are monitored with CCTV, which is monitored by the security guards

11. Kaspersky Lab maintains records of the incoming and outgoing media, including the kind of media, the authorized sender/recipients, date and time, the number of media.

12. A variety of industry standard systems to protect against loss of data due to power supply failure or line interference is used.

13. Industry standard processes to delete User Data when it is no longer needed are used.

Communications and Operations Management

14. Kaspersky Lab maintains security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to User Data.

15. Copies of User Data and data recovery procedures are stored in a different place from where the primary computer equipment processing the User Data is located.

16. Antimalware controls to help prevent against malicious software from gaining unauthorized access to User Data, including malicious software originating from public networks, are used.

17. User Data, which is transmitted over public networks, is encrypted.

18. Kaspersky Lab logs access and use of information systems containing User Data, registering the access ID, time, authorization granted or denied, and relevant activity.

Access Control

19. Kaspersky Lab maintains and updates a record of personnel authorized to access systems that contain User Data.

20. Kaspersky Lab identifies those personnel who may grant, alter or cancel authorized access to data and resources.

21. Kaspersky Lab ensures that where more than one inpidual has access to systems containing User Data, the inpiduals have separate identifiers/log-ins.

22. Technical support personnel are only permitted to have access to User Data when needed.

23. Kaspersky Lab restricts access to User Data to only those inpiduals who require such access to perform their job function.

24. Kaspersky Lab implements role based access control.

25. Personnel have been instructed to disable administrative sessions when leaving premises controls or when computers are otherwise left unattended.

26. Passwords are stored in a way that makes them unintelligible while they are in force.

27. Kaspersky Lab uses industry standard practices to identify and authenticate users who attempt to access information systems.

28. Kaspersky Lab has established a password policy that prohibits the sharing of passwords, governs what to do if a password is disclosed, requires passwords to be changed on a regular basis and default passwords to be altered.

29. Kaspersky Lab password policy defines password complexity requirements.

30. All passwords are stored using a one-way hashing algorithm and are never transmitted unencrypted.

31. Kaspersky Lab has controls to prevent inpiduals from assuming access rights they have not been assigned to gain access to User Data they are not authorized to access.

32. Kaspersky Lab internal network channel is protected by implementing firewalls.

33. All data transfers between the Kaspersky Lab, legal, entities and partners and customers are protected with TLS/SSL protocol.

Information Security Incident Management

34. Kaspersky Lab maintains a record of security breaches with a description of the breach, the time period, the consequences of the breach, the name of the reporter, and to whom the breach was reported, and the procedure for recovering data.

Vulnerabilities Management

35. Kaspersky Lab’s information resources are regularly checked by vulnerability scanners.

Kaspersky Lab conducts penetration testing information resources and security audits.

ANNEX 2

STANDARD CONTRACTUAL CLAUSES (PROCESSORS)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

The User, as defined in the Data Processing Agreement (the "data exporter")

and

AO Kaspersky Lab, 39A/2 Leningradskoye Shosse, Moscow, 125212 Russian Federation (the "data importer") each a 'party'; together 'the parties',

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of inpiduals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1

Definitions

For the purposes of the Clauses:

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of inpiduals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the data exporter’ means the controller who transfers the personal data;

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of inpiduals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

i. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

ii. any accidental or unauthorised access; and

iii. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case, the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9

Governing law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Sub-processing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor, which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.

2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12

Obligation after the termination of personal data-processing services

1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

Appendix 1 to the Standard Contractual Clauses

This Appendix forms part of the clauses and must be completed and signed by the parties.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter: The User as defined in the DPA is the data exporter.

Data importer: The data importer is AO Kaspersky Lab, 39A/2 Leningradskoye Shosse, Moscow, 125212 Russian Federation, an international developer of software security solutions and provider of the Kaspersky Security Center Cloud Console ("Product").

Data subjects: The personal data transferred concern the end users of Software, as defined in the Subsection 1 of Annex 1 in this DPA.

Categories of data: The scope and categories of data are specified in the Subsection 1 of Annex 1 in this DPA.

Special categories of data (if appropriate): The transfer of special categories of data is not anticipated.

Processing operations: The personal data transferred will be subject to the processing activities as described in the Agreement and DPA, especially in the Subsection 1 of Annex 1 in this DPA.

Appendix 2 to the Standard Contractual Clauses

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):

1. Technical and Organization Measures. The data importer has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect User Data, as defined in the Subsection 2 of the Annex 1 in this DPA, against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction.

2. Contacts. For any questions regarding the processing of User Data, please contact Kaspersky Lab EU representative via e-mail or phone: Kaspersky Labs GmbH, Ingolstadt, Germany, info@kaspersky.de, +49 (0) 841 98 18 90.

 
 
 
 
Was this information helpful?
Yes No
Thank you
 
 
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK