Help Center
News
Help Center
News
Sign in
Document
Documents & PoliciesQuestionnairesControls & Technical and Organizational Measures (TOMs)Report ExplorerAsset RegisterFrameworksRecord of Processing Activities (ROPA)Exporting your ROPAVendorsImpact Assessments (IA)Legitimate Interest DocumentationsMeetings & ActivitiesRetentions & Deletions PeriodsData Collection Point (DCP)Add documents to vendors
DPIA
Assessments
ROPA
Assets
International Standards & Frameworks
TOMs & Controls
Categories & Attributes
Data Collection Points
Legal Basis
Legitimate Interest
Documents & Policies
Retention & Deletion
Data Flow
Vendors
Questionnaires
Manage
Process Risk OverviewData Flow Map
Dashboards
AI Assistance & Automation
Projects
Tasks
Meetings & Activities
Workflows & Automations
Reporting
React & Resolve
TasksProjectsIncidents & BreachesData Subject Requests
Risk Scenarios & Treatments
Incidents & Breaches
Release Notes
Q2 2026
Q1 2026
Q4 2025
Q3 2025
Q2 2025
Q1 2025
Q4 2024
Q3 2024
Q2 2024
Q1 2024
Q4 2023
Q3 2023
Q2 2023
Q1 2023
Q4 2022
Q3 2022
Getting Started
Quickstart GuideQuestionnairesTasksProcess Risk OverviewIT SettingsFrameworksThe Information Security / Asset Risk ModelData Subject RequestsDownloading an elementLegitimate Interest DocumentationsAssigning Audiences to ElementsDocuments & PoliciesControls & Technical and Organizational Measures (TOMs)General SettingsCreating attributes that fit your industryDocument list for onboardingThe Data Protection Risk ModelIncidents & BreachesProjectsManaging audiencesAdd documents to vendorsHow to answer an assessment/questionnaireSetting up the first organization or companyData Collection Point (DCP)Use AI to create elementsSetting Risk models in General SettingsSharing ElementsHow can a user change the language?Data Flow MapRecord of Processing Activities (ROPA)Time MachineCreate and evaluate assessments Company Widget FeatureAsset RegisterVendorsImpact Assessments (IA)Creating organizational unitsExporting your ROPAMeetings & ActivitiesTerms for legitimate processingRetentions & Deletions PeriodsHow to create a new user and how to change the password for loginReport ExplorerMaturity modelAdding risk scenarios to assets or asset groupsRelevant Risk SzenariosPriverion GRC Platform overviewDocument list for onboardingHow can a user change the language?Setting up the first organization or companyCreating attributes that fit your industry
User account
Sharing & Group functions
Features
How-To Guides & Tips
Get Help
Legal
Settings
General Settings
Compliance settings
Identity and access management
IT Settings
Risk Settings

IT Settings

IT Settings is the central configuration hub for your DPMS platform — the place where IT Administrators, DPOs, and SuperAdmins come to enable AI assistance, configure file-scanning rules, manage user provisioning, and keep multilingual content up to date. Getting these settings right is a prerequisite for many of the platform's most important features.

The IT Settings area is where the technical foundations of your DPMS are laid. Without the right configuration here, AI helper buttons remain greyed out across every form, file uploads go unscanned, automated workflow emails fail to send, and users provisioned through an external identity provider cannot log in. Think of IT Settings as the engine room: most users never need to visit it, but the people who do — IT Administrators, Data Protection Officers, System Managers, and SuperAdmins — need to understand it well, because their choices here ripple across the entire platform.

How to open it

Click IT Settings in the main left-hand sidebar of DPMS. The sidebar expands to reveal a vertical sub-menu listing every available configuration section. Click any section name to open it in the content area on the right.

Access to individual sections is permission-controlled. You need the IT Settings – AI read permission to view the AI and AI Credentials pages, and the corresponding edit permission to make changes. Anti-Malware has its own read and edit permissions. The Development Language, Auto-translations Job, and External Migration sections are restricted to users with the SuperAdmin role — anyone else who navigates there will see an "Access Denied" page.

What you see

When you arrive at any IT Settings section, the screen splits into two zones. On the left, a narrow panel labelled IT SETTINGS lists every sub-section as a clickable link; the currently active section is highlighted. Some sections, such as AI, expand to reveal sub-items (for example, "AI" and "AI Credentials") indented beneath them.

The rest of the screen is taken up by a settings card — a clean read-only summary of the current configuration for that section, with an Edit button in its top-right corner. Above the card, a breadcrumb bar shows where you are: "IT Settings" on the left, a separator, and the current section name highlighted in blue.

Next to the section name in the breadcrumb you will see two small chevron arrows (‹ and ›). These let you step forward or backward through the IT Settings sections in order, without having to return to the sub-menu. If you are already on the first or last section, the corresponding chevron is greyed out.

The Edit button on each card opens the configuration form for that section. If your role does not include the edit permission for that section, the button appears greyed out and hovering over it shows a tooltip explaining why it is disabled.

Working with this screen

Setting up your AI assistant for the first time

Before any AI features become visible to your colleagues, two things must be in place: valid provider credentials, and the AI autocomplete feature switched on. It is easiest to do these in order.

Step 1 — Enter your provider credentials.
In the left-hand menu, click AI, then click the AI Credentials sub-item that appears beneath it. On the view page, click Edit.

You will see a form with an AI Provider dropdown at the top. Open it and select your provider — for example, Anthropic, OpenAI, or Google. The form immediately updates to show the fields specific to that provider.

For most providers, the most important field is the API key. When you open this form for the first time the field is empty; type or paste your key. (If you have previously saved a key, you will see a masked preview like sk-***** — only click into the field if you intend to replace it, because clicking clears the mask and puts the field into entry mode.)

Next, open the Default Model dropdown and choose the model your organisation wants to use. As soon as you select a model, two useful pieces of information appear just below the dropdown: the model's Context Window (how many tokens it can process in one go) and its Max Output (the maximum length of its response). Larger context windows handle longer documents but may be slower.

Finally, make sure the Activated toggle is switched on. A credential set that is saved but not activated will not be used — the AI buttons across the platform stay disabled. Once everything looks correct, click Save.

Step 2 — Enable AI autocomplete and choose your industry.
Now click AI in the left-hand menu (the parent item, not AI Credentials). Click Edit. You will see a toggle for the AI feature. Switch it on. An Industry dropdown immediately appears — this tells the AI which sector your organisation operates in (for example, healthcare, finance, or retail) so that it frames its suggestions in the right context. Select your industry and click Save.

From this point, AI helper buttons will appear on forms throughout DPMS — on Records of Processing Activities, Vendor entries, Assets, Risk Scenarios, and more.

Configuring the anti-malware file scanner

The anti-malware scanner inspects files when users upload them to DPMS. You control which file types are scanned and what happens to an infected file.

In the left-hand menu, click Virus Scanner. The view page shows the current configuration: which extensions are scanned, and whether infected files are deleted or quarantined. To make changes, click Edit.

The form presents two mutually exclusive choices: Delete infected files and Quarantine infected files. Enabling one automatically disables the other — there is no in-between state. Choose "Delete" if infected files should be removed immediately; choose "Quarantine" if you want an opportunity to review them first.

Below these toggles is a Show anti-malware icon switch. When this is on, a small visual badge appears next to files that have been scanned, reassuring users that the file has passed the check.

The File extensions multi-select is where you define exactly which file types trigger a scan. A default set of common formats is pre-populated. To add a custom format — say, .csv — type the extension into the field and select the new option that appears. Custom extensions must be between 1 and 255 characters and cannot duplicate an entry that already exists in the list.

Click Save when done. The new settings take effect immediately for all subsequent uploads.

Running auto-translations to keep multilingual content current (SuperAdmin)

If your DPMS instance serves users in multiple languages, the auto-translation feature ensures that records created in one language are also available in the others. This section is visible only to SuperAdmins.

In the left-hand menu, click Auto-translations. The view page shows a summary card. Click Edit to open the full translation job manager.

You will see a table listing every element type in the system — Vendors, Risk Scenarios, Assets, and so on — along with how many records exist, how many are missing translations, and the current job status for each. Status icons give you an at-a-glance picture: a grey circle means the job has not run yet, a spinning blue icon means it is currently in progress, and a green tick means all records are fully translated.

To translate everything at once, click Autotranslate all. If you only need to update specific element types, check the boxes next to those rows first — the button label updates to show how many are selected (for example, Autotranslate 2 selected). Click the button to kick off the job.

Once triggered, the button greys out and the table begins refreshing automatically every five seconds. Watch the Status column — rows will move from "Open" through "In Progress" to "No Missing" as the jobs complete. Polling stops on its own once all triggered jobs are finished.

If you only need to update a single element type, you can also use the small Autotranslate button in that row, without selecting anything.

Preparing a data migration (SuperAdmin only)

The External Migration section is a specialised tool for SuperAdmins who need to migrate data from an external system into DPMS. It should only be used during a planned, supervised migration exercise.

Navigate to IT Settings → External Migration. Click Edit to open the migration configuration form.

Start by using the Responsible User search dropdown to find and assign the person who will be accountable for the migration. Type a partial email address and the dropdown will show matching users.

Next, apply regulations to your company list. Select the relevant regulations (for example, GDPR and UK GDPR) in the global regulations dropdown and click Apply to all. This pre-populates every company row in the table below with those regulations. You can still adjust individual rows afterwards.

When you are ready to begin the migration itself, click Activate in the Migration Mode panel. This switches the system into a mode where duplicate records are automatically renamed rather than rejected, preventing validation failures during import.

The Migration User panel manages a special service account (migration@priverion.dev). If the account does not yet exist, enter a password of at least eight characters and click Create User. Once created, the panel turns green to confirm the account is active.

Work through the company table and click Updated for each company to initialise its baseline data with the selected regulations. Note that this action cannot be undone from the UI — only click it when you are certain.

After the migration is complete, return to the edit form, click Deactivate to end migration mode, and click Delete User to remove the service account.

Field reference

AI Provider — Select your AI provider from the dropdown. The form fields below it change dynamically based on your selection. Switching providers after entering credentials will clear those credentials.

API Key / Credential fields — The secret key used to authenticate with your chosen AI provider. Displayed as a masked preview (abc***) if a value is already saved. Click the field only if you intend to overwrite the existing key — clicking clears the preview and activates password-entry mode.

Default Model — The AI model DPMS will use for all AI-assisted actions. Choosing a model displays its Context Window and Max Output token limits below the dropdown. Larger context windows handle longer documents; higher max output allows longer AI responses.

Activated (AI Credentials) — Must be switched on for the credential set to be used. Credentials saved with this toggle off are stored but inactive; AI features across the platform remain disabled.

AI Auto-complete toggle — Enables or disables the AI helper buttons that appear on object forms throughout DPMS. Requires a valid active credential set to have any effect.

Industry — Appears only when the AI Auto-complete toggle is on. Select the sector that best describes your organisation. This shapes how the AI frames its suggestions. Required — you cannot save with this field blank.

Delete infected files / Quarantine infected files — Mutually exclusive toggles. Choose one to determine what happens when the anti-malware engine finds a problem. Delete removes the file immediately; Quarantine holds it for review.

Show anti-malware icon — When on, a small badge is shown next to scanned files. Off by default.

File extensions — A multi-select list of file types to scan. Type a custom extension to add it; extensions must be 1–255 characters and cannot duplicate an existing entry.

How this connects to the rest of DPMS

What you configure in IT Settings quietly governs a great deal of what everyone else in the platform experiences.

The AI credentials and settings you save here determine whether the AI helper button is available on every ROPA entry, Vendor record, Asset, TOM, Incident, DPIA, and more. The context window size you choose affects how much of a document the AI can read at once. The industry setting shapes the relevance of every AI suggestion across all those forms.

The Anti-Malware settings protect every file upload in the platform — evidence attachments, policy documents, supporting files on any record type. The extensions list and the delete/quarantine choice apply globally.

The Auto-translations job manager keeps multilingual deployments consistent. Without regular runs, records created in one language may appear blank or untranslated when viewed in another language.

The Email Logs section (accessible via the left-hand menu) shows a history of notification emails sent by workflow automations. Each log entry that relates to a workflow contains a direct link that takes you straight into the Workflow Editor for that workflow — making IT Settings a convenient jumping-off point when you need to troubleshoot a notification that did not arrive.

IAM settings (SAML, OAuth, Microsoft Entra ID, SCIM) govern how users are created and removed from the platform automatically. If SCIM or Entra ID provisioning stops working, this is where you come to investigate.

After finishing your configuration in any section, it is worth navigating to a record elsewhere in DPMS to verify the result — for example, open a ROPA entry to confirm the AI button is now active, or attempt to upload a test file to confirm anti-malware scanning is running.

Tips & common pitfalls

Heads up: You must select an Industry before you can save the AI settings. If you enable the AI Auto-complete toggle and leave the Industry dropdown empty, a red validation message will block the save. Even if you plan to revisit the industry choice later, select a placeholder value now.
Heads up: Saving AI credentials with the Activated toggle switched off means those credentials are stored but completely idle. AI helper buttons across the entire platform will remain greyed out. After saving, check the view page to confirm the Status row shows the credentials as active.
  • Credential masking is not the saved value. When you open the AI Credentials edit form, masked values like sk-***** are just placeholders that indicate a value is saved. Do not click the field unless you want to replace it — clicking immediately clears the mask.
  • Delete and Quarantine cannot both be off. The Anti-Malware form enforces that exactly one option is selected at all times. Enabling one automatically disables the other. There is no way to save the form with neither option active.
Heads up: The Development Language toggle is intended exclusively for development and testing environments. Enabling it switches all UI labels to raw translation keys for every user at your company. If this is left on in a live environment, it will cause significant confusion for all users. If you see unfamiliar text strings appearing in the interface (such as MENU.ROPA instead of "Records of Processing Activities"), check this setting first.
  • Auto-translation polling is page-specific. The status table only refreshes while you are on the Auto-translations edit page. If you navigate away and return, polling will restart if jobs are still running — but the status shown on the view page may be stale until you open the edit page again.
  • External Migration's "Updated" button is irreversible from the UI. Initialising a company's baseline data via the company table cannot be undone through the interface. Only proceed when you are certain, and coordinate with your migration team before clicking.


Was this article helpful?

English
Powered by Product Fruits