Manage technical and organisational measures (TOMs)

Data protection and data security are directly related. One way of analysing the data security of an organisation is to look at the technical and organisational data security measures that have been implemented.

Background

According to Article 32 GDPR, the controller must take appropriate protection measures:

"Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:"

In concrete terms, this means that the data security in the organisation must be analysed and suitable technical and organisational measures must be taken in order to implement data security in practice.

According to Art. 32, the implementation of data security includes the following measures, among others:

  • the use of pseudonymisation of personal data
  • the use of encryption in the storage and transmission of personal data
  • the use of state-of-the-art technical security measures
  • the sensitisation of employees on the subject of data security


In the current version of the Robin Data software, the analysis can be performed along predefined, industry-specific checkpoints in relation to the technical and organisational measures taken by the organisation.

Manage technical and organisational measures (TOMs)

  1. In the main menu, click on Data security: A dropdown menu will open.
  2. In the dropdown menu, click on Technical-organisational measures (TOM): The table view will open.
The general functionality of the table view is described in the article Using the table view.


In the table view, you can see the overview of the TOMs that have already been created.

Import technical and organisational measures (TOMs)

  1. In the main menu, click on Data security: A dropdown menu will open.
  2. In the dropdown menu, click on Technical-organisational measures (TOM): The table view will open.
  3. Click on the button +Technical-organisational measures (TOM): A slider will open.
  4. Mark the checkboxes of the TOMs you want to import.
  5. Click on Import: The TOMs will be imported.

Data areas in the slider



The slider has the following data areas:

  • Industry: Select the industry that applies to your company from over 350 available industries 
  • Category: Select the category that applies to the TOM you are looking for from the available categories to filter the table
  • Search: Use the search to look for TOMs from your company
  • Table: 
    • Checkboxes: In the table, you will find a checkbox in the first column that allows you to select TOMs
    • Title: In the column "Title" you will find the TOMs
  • Show all / Show non-existent: If you have already imported TOMs, you can hide them from the table by toggling the button to "Show non-existent"
  • Import: By clicking on "Import", the TOMs selected via the checkboxes in the table are transferred to your data protection documentation.

Are you a Robin Data client and missing a TOM in our database?

Robin Data will create missing TOMs on request for clients. In this case, please contact us via support@robin-data.io and briefly describe the missing Technical-Organisational Measure.

Create technical and organisational measures (TOMs)

  1. In the main menu, click on Data security: A dropdown menu will open.
  2. In the dropdown menu, click on Technical-organisational measures (TOM): The table view will open.
  3. Click on the button +Technical-organisational measures (TOM): A slider will open.
  4. In the slider, click on the button +Technical-organisational measures (TOM): A quick start input mask will open in which the title can be recorded.
  5. Fill out the fields of the quick start input mask.
  6. Click on Edit: An input mask will open.
  7. Fill out the input fields in the input mask.
  8. Click on Save: The TOM will be created.

Note

If you select Without edit in the quick start window, the TOM will be saved in the table view without any further details, and can be edited at a later time. 

Data areas of the input mask


The left form area has the following data areas:

  • Document ID: Assign a document ID to the processing activity. Document IDs serve to mark and identify documents uniquely across the system (more information on the help page "Documented Information").
  • Data area specification: In this area you will find the checkpoint of the TOM and information about the measure of the TOM. 

Data area: Specification

This data area has the following form fields:

  • Check question: Enter a review question for this TOM
  • Category: Enter a protection goal to which this TOM is assigned
  • Services used: Specify a service that is used in this TOM
  • Risk assessment: Assess the risk of this TOM to data security
  • Description of measures: Describe the actions you have taken to implement this TOM

The right form area has the following data areas:

  • Status Tab: In this tab it is possible to manage the status of a document and to store notes about the erasure class.
  • Governance Tab: The Governance Tab is available in the same form in several documents in the Robin Data software. It lets you record various basic parameters for the respective document. A more detailed explanation can be found in the article Manage Governance Content.
  • Activity Tab: This tab displays all the activities associated with your record. To create an activity, click the Create Activity button in the upper right corner. This will open a new input form. For a more detailed explanation, please refer to the article Activity Manager.
  • Attachments tab: In this tab you can add related documents by clicking the Add Attachment button.
  • External Links Tab: In this tab you can link related information using the Add external link button.

Data area: Status & Release

In this data area it is possible to manage the status of a document and to map the release procedure of the document.

  • A TOM is usually created by one person, for example the employee of a specialist department
  • In addition to this person, another person should check whether this TOM is appropriate. This could be the data protection officer, for example
  • At the end of the chain, the TOM must be officially released. This can be done, for example, by the supervisor

This data area has the following form fields:

  • Status: Indicate the current processing status of the TOM
  • Created by: Indicate the person who created this TOM
  • Created on: Enter the date on which the creation of this TOM was completed
  • Tested by: Enter the person who reviewed this TOM
  • Tested on: Enter the date on which the review of this TOM was completed
  • Release of: Enter the person who released this TOM
  • Released on: Enter the date this TOM was released for use
  • Notes: Make notes about the TOM.

Whitepaper with checklist, samples, templates and examples as PDF


In the whitepaper on Technical Organisational Measures you will find:

  • 43 examples for TOMs divided into confidentiality, integrity and other categories
  • 12 ready-made examples for your data protection documentation
  • Examples of technical AND organisational measures
  • Checklist to tick off the TOMs for your company
  • References to background information and relevant legal basis

For only 9,00 Euro*

* All prices plus statutory value added tax


Further questions? - We are here for you.

If you have any questions about the software, please contact our support team. You can reach us at support@robin-data.io.