Audit of technical and organisational measures (TOMs)
Every controller and every processor is obliged to guarantee a level of protection appropriate to risk by means of technical and organisational measures (TOMs).
An appropriate level of protection must be assessed on a case-by-case basis; globalised assessments are not possible.
This is where ISiCO’s interdisciplinary team brings its strengths to bear: we review your TOM in the context of your specific company and recommend the TOMs that best suit your situation.
You process particularly sensitive data? Are the data you process popular among hackers? Need to review the security in place at one of your service providers? What measures can be financed? How likely is it that the identified risk will occur? These are all relevant questions that you should ask yourself when ensuring an appropriate level of protection pursuant to Article 32 of the GDPR.
Why choose our TOMs audit?
- Advice on implementing technical and organisational measures
- Current record of all TOMs (group-wide on request)
- Review of any TOMs already implemented (potentially under former legislation)
- Support in identifying particularly risky processing activities
- Advice on selecting appropriate TOMs
- Documentation of all relevant measures
- Certificate for submission to controller
The GDPR is increasing the importance of IT security. As part of the general obligation to demonstrate compliance, a TOMs audit can act as initial proof of compliance with data protection law By avoiding notifiable data protection incidents thanks to the application of security measures, you also invest indirectly in your reputation.
Trust in the expertise of our interdisciplinary team of data protection and IT experts and allow us to help you put in place the protective measures you need.