Creating TOMs
Types of TOMs
Technical Measures involve using technology to protect data, such as:
- Encryption: Securing data in transit and at rest.
- Access Controls: Limiting data access to authorized personnel only.
- Regular Software Updates: Keeping systems up-to-date to protect against vulnerabilities.
- Network Security: Using firewalls, intrusion detection systems, and other tools to protect against cyber threats.
Organizational Measures involve policies and procedures within the organization, such as:
- Data Protection Policies: Establishing rules and guidelines for handling personal data.
- Employee Training: Educating staff about data protection and security practices.
- Incident Response Plans: Preparing procedures for responding to data breaches.
- Data Minimization: Collecting only the data necessary for a specific purpose and retaining it only for as long as needed.
Overview page
The TOMs overview provides an initial glance at the protection goals and policies found in both the draft folder and the active folder.
In the TOMs overview, we differentiate between Draft and Active. Initially, TOMs are placed in the Draft section and are not yet considered "valid." Subsequently, the responsible person can use the "Set Active" button to move them to the Active section, making them officially part of the TOMs list.
Protection Goals Listing: On the left-hand side, protection goals are listed. These goals form the basis of the TOMs that are assigned to them. You can find a comprehensive catalogue of TOMs to choose from.
Once active, they can be formally declared to third parties.
Detail view page
When you click on a policy, a window will open providing you with additional information about the policy. This includes the associated protection goals and it's subcategory, the TOMs owner, its status, and a detailed TOMs description.
How to create TOMs
Import via the catalog
1. On the menu bar on the left-hand side, go to "TOMs".
2. Click on "Catalog".
3. Go through the catalogue and select the TOMs that apply to your organization.
4. You can also filter by protection goal or Technical or organisational measure. Furthermore, you can search by name in the search field.
5. Click "Set to active".
Once this step is done, the TOMs show up in the βActiveβ overview.
How to create TOMs β manually
1. Click on "Add measure".
2. Fill out the form with the required information:
- Name of the measure,
- Protection goal,
- Measure Type
- a status to create individual policies
- Category (protection goal)
- Subcategory of protection goal
- Providing a description is optional
Exporting TOMs
You can export the data from the detail view of TOMs dashboard for external use, such as audits or internal reviews. Follow these steps to export:
1. In the TOMs dashboard, click on the Export button at the top right.
2. You can choose between pdf and excel format as downlaod.
3. The file is downloaded and available instantly