Controls & Technical and Organizational Measures (TOMs)

Overview

Controls and technical and organizational measures (TOMs) are any measures taken to protect personal data at the information security level. Generally, you will add TOMs in connection with your assets, which support and enable the processing. We recommend following the Asset Register guide first if you haven't already done so.

On this page, all your Controls and TOMs are subdivided into All, Active, Draft, Inactive, and Review. Click on an existing TOM to edit it or the Create button to create a new one.

Creating a new TOM

As with every element, you can create the TOM manually or download a shared one from the organization. This guide focuses on manual creation. To learn more about downloading elements, read the corresponding guide. You also have the option to import externally stored TOMs.

Manually Creating a TOM

  • Click on Create and select Create TOM.
  • Assign a responsible person and set the status.
  • Name the TOM.
  • Choose the type: it can be either a Technical or Organizational Measure.
  • Classification is a freely selectable attribute used for organizational purposes. Attributes can be created on the fly by typing the name into the field and selecting it.
  • Provide a detailed description of the measure.
  • Assign the TOM to a specific domain.
  • Select the applicable standard.
  • Click Save to finalize.

Editing a TOM

Click on an existing TOM to edit it.

General

On the General tab, you will find all the general information on the TOM that was provided when it was created. You can edit this information by clicking on the Edit button.

As with most elements, you may write notes by clicking the Notes button on the right or manage its Access and Sharing by clicking the three horizontal dots in the top right corner.

Click on the blue menu icon at the top left to expand or minimize the menu.

Documents

Uploading documents to the TOM may be necessary for documentation purposes. These can be documents of any kind; examples include a firewall configuration or an updated version of the internal data protection policy. Since TOMs differ greatly from one another, the documents you upload will also vary. Just remember that documentation is a vital part of data protection compliance.

Risk Scenarios

Risk scenarios are devised for various elements, such as assets. These risks are, in turn, addressed by implementing certain TOMs. With every TOM, you can link Risk Scenarios. This way, whenever you link Risk Scenarios to an asset, the system will recommend the TOMs linked to that Risk Scenario.

  • Click the Add button to link the risk scenarios to which the TOM applies.
  • You may choose a Risk Scenario from the library or create a new one.
  • Click Add to list.
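The recommendation behaviour described above (TOMs are linked to risk scenarios; when a risk scenario is linked to an asset, the TOMs for that scenario are suggested) can be modelled as a small lookup. The following is an added illustration, not the product's own code: the class names, the sample TOMs, risk scenarios and asset are all constructed here. Beyond the recommendation itself, it also reports risk scenarios on an asset that no TOM addresses, which is the gap a reviewer would want to see.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RiskScenario:
    """A risk scenario as linked to assets and TOMs (constructed model)."""
    name: str


@dataclass
class TOM:
    """A technical or organizational measure (constructed model)."""
    name: str
    kind: str                       # "Technical" or "Organizational"
    status: str                     # "Active", "Draft", "Inactive" or "Review"
    risk_scenarios: set[RiskScenario] = field(default_factory=set)


@dataclass
class Asset:
    """An asset with the risk scenarios devised for it (constructed model)."""
    name: str
    risk_scenarios: set[RiskScenario] = field(default_factory=set)


def recommend_toms(asset: Asset, toms: list[TOM],
                   include_drafts: bool = False) -> list[TOM]:
    """Return the TOMs linked to any risk scenario of the asset.

    By default only Active TOMs are recommended; Draft ones can be
    included when planning. The result is sorted by name for stable output.
    """
    allowed = {"Active"} | ({"Draft"} if include_drafts else set())
    hits = [
        tom for tom in toms
        if tom.status in allowed and tom.risk_scenarios & asset.risk_scenarios
    ]
    return sorted(hits, key=lambda t: t.name)


def uncovered_scenarios(asset: Asset, toms: list[TOM]) -> set[RiskScenario]:
    """Risk scenarios on the asset that no Active TOM addresses."""
    covered: set[RiskScenario] = set()
    for tom in toms:
        if tom.status == "Active":
            covered |= tom.risk_scenarios
    return asset.risk_scenarios - covered


# Constructed sample data for the example.
UNAUTHORISED_ACCESS = RiskScenario("Unauthorised access to customer records")
DATA_LOSS = RiskScenario("Loss of data through hardware failure")
INSIDER_MISUSE = RiskScenario("Misuse of access rights by staff")

SAMPLE_TOMS = [
    TOM("Role-based access control", "Technical", "Active",
        {UNAUTHORISED_ACCESS, INSIDER_MISUSE}),
    TOM("Daily encrypted backups", "Technical", "Active", {DATA_LOSS}),
    TOM("Access review every quarter", "Organizational", "Draft",
        {INSIDER_MISUSE}),
    TOM("Legacy VPN policy", "Organizational", "Inactive",
        {UNAUTHORISED_ACCESS}),
]

CRM_SERVER = Asset("CRM database server", {UNAUTHORISED_ACCESS, DATA_LOSS})


if __name__ == "__main__":
    for tom in recommend_toms(CRM_SERVER, SAMPLE_TOMS):
        print(f"recommend: {tom.name} ({tom.kind}, {tom.status})")
    for gap in uncovered_scenarios(CRM_SERVER, SAMPLE_TOMS):
        print(f"no active TOM for: {gap.name}")
```

Inactive TOMs are deliberately never recommended, so retiring a measure in the tool immediately surfaces as a coverage gap on every asset that relied on it.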

Assets

You will find all the assets linked to the TOM in the Assets tab. Click on an asset to view detailed information.

  • See the TOM, the asset, or the asset group on which it is implemented, along with the risk scenarios it addresses.
  • Select or change the implementor.
  • Add tasks related to the asset.

ROPA

On the ROPA tab, you will find all your linked ROPAs. Click on one to open it.

  • You can then see the connection between the implemented TOM, the ROPA, and the mitigated risk scenarios.
  • Select the Implementor.
  • Add tasks.

Tasks

The tasks linked to the TOM are on the Tasks tab. To link a Task to the TOM you are managing, choose one from the library with the Add button or create a new one by clicking the Create button. To learn more, follow the steps in the Tasks guide.

Assessments

When implementing your TOMs, it may help to link or conduct an assessment. The questionnaires based on the ISO 27000 family of standards may be especially relevant.

If you have already created assessments, click the Add button and choose the ones you want to link. Otherwise, you may create new ones by clicking the Create button. Follow the guide on Assessments to learn more.
