One Platform. Privacy and InfoSec covered.

One logic. Three steps.

Document

One place to gather the documentation for your Privacy and Information Security programs. From the Record of Processing Activities with a process-based risk view to the Asset Register with an asset-based risk view, you are covered from all angles.

Manage

Manage your Privacy and Information Security operations by triggering reviews and audits as well as creating risk reports based on standards or organizational units (such as departments).

React & Resolve

React to incidents, check notification requirements or simply create tasks and projects to keep your Privacy and Information Security programs on track. Create corrective actions for standard-related improvements.

Step one. Document.

Privacy

InfoSec.

Register of Processing Activities (ROPA)

The ROPA contains a detailed documentation of all processes within your company that use personal data. It aggregates all necessary legal information such as the purpose of processing as well as the legal basis for processing. Through intelligent linking to deletion and retention periods and your system landscape, you always know which deletion and retention periods apply to each system and who is responsible.

International Standards

International Standards such as ISO27001, NIST or Cloud Security Standard are the basis for most InfoSec programs. Using the international standards module allows you to create all standard specific required elements such as the Statement of Applicability.

Data Protection Impact Assessments

DPIAs are necessary to evaluate the processing of specific data in a high-risk context. These evaluations are necessary under many different laws, such as the GDPR or state law in the US. If you are planning to process sensitive or special categories of data, you will likely need to conduct a DPIA.

Asset Register

This register supports the information security officer and risk owners in determining the asset based risks. Using scenario based approaches and a damage and likelihood based approach the high risk assets can be identified. Easily create your risk mitigation plan on the basis of your asset risks.

Reports & Downloads

Create individual reports on the fly. Do you want to create a report with high risk vendors or open tasks? Using search and filter functionalities you can create your individual report to answer the specific question you might have. Standardized compliance reports supplement the individual reports.

Reports & Downloads

Create individual reports on the fly. Do you want to create a report with high risk vendors or open tasks? Using search and filter functionalities you can create your individual report to provide you with a custom overview over the state of your data protection organisation. Standardized compliance reports supplement the individual reports.

Meetings & Activities

Documenting meetings and any relevant activities is an important task in privacy compliance. As the burden of proof in most cases is on the organization, keeping a record of any privacy-related activities will support your defense. The meetings & activities module allows you to create the relevant records on the fly.

Meetings & Activities

Documenting meetings and all relevant activities is an important task in privacy compliance. As the burden of proof in most cases is on the organization, keeping a record of all privacy related activities will support you in showing that appropriate controls are in place. The meetings & activities module allows you to create the relevant records on the fly.

Policies

Version tracking and communicating your internal policies is important in implementing an efficient privacy management system. Using the policy module you can track new versions of documents and determine how well your organization is informed about each policy.

Policies

IT Security Policies such as the BYOD Policy are important measures for Information Security. Using the Policy module the Information Security Officers can track the distribution of Policies within the organization, keep track of changes and update as required.

Automated Decision Making and AI

Automated decision making and artificial intelligence are becoming more and more important. Creating a sound documentation on these technologies and their effects on data subjects is paramount in complying with new regulations such as the AI Act.

Automated Decision Making and AI

Keeping track of the information security measures for your automated decision making processes and artificial intelligence technologies allows your organization to pass external assessments. The more attention your AI technologies receive, the more stakeholders will seek documentation on its security and privacy compliance.

Technical and Organizational Measures

TOM are how your organization implements legal and regulatory requirements. Regular reviews and up-to-date documentation let you keep track of the maturity and implementation level of your TOM. Using this information, reporting to the board is based on the newest information and provides an up-to-date representation.

Technical and Organizational Measures

After evaluating the risks for an organization’s assets, TOM are implemented to reduce the identified risk. Linking TOM to risk scenarios and monitoring the implementation state on each asset makes sure that no gaps are missed.

Assessments

Assessments are an important pillar of your privacy program. Assessments can be conducted internally on specific elements such as a ROPA or externally for example on vendors. Using our best practice templates or your own customized assessments we support the automatization of your yearly reviews.

Assessments

Assessing the maturity level of your information security can be challenging. Using an assessment-based approach to evaluate maturity levels supports you by automating most of the work for you. Automatically sending reminders and keeping track of deadlines enables a manageable InfoSec program.

Vendors

Privacy risk in supply chains is becoming more and more important. Having insights into your vendors' privacy posture as well as the hidden sub-processors helps your organization understand and monitor their risks and apply appropriate controls through Data Processing Agreements and assessments.

Vendors

Any data flowing in or out of your organization is a potential risk. Keeping track of the data flows and applying the right measures to your vendors is crucial for your information security. From your external law office to your external development partner, every interface is important for your information security and should be regularly monitored.

Retention & Deletion Periods

Keeping track of an organization's retention and deletion periods is an important task. By creating organization-wide retention and deletion periods and applying these to your processes and assets, the operationalization for your IT admins becomes much easier.

Data Collection Points

To comply with information requirements, an organization must keep track of all interfaces from which personal data flows into the organization. These so-called Data Collection Points are linked to Privacy Notices and automatically inform the responsible person if a Privacy Notice is changed. This way you can be sure that your information requirements are fulfilled.

Privacy Center

The Privacy Center allows any organization to publish their Privacy and InfoSec information on one central page. This increases the sales cycles as customers can easily check compliance documentation. Additionally, data subject requests are directed through standardized best practice forms.

Legitimate Interests Documentation

As an organization you might use your legitimate interests as basis to process personal data. For this it is essential to document the interests of the affected persons and balance these against your organization's interests. Using the Legitimate Interests module you can do this in a structured way and ensure that you have all required information.

Step two. Manage.

Privacy

InfoSec.

Process Risk

The ROPA documents all processes within your company that use personal data. It aggregates all necessary legal information such as the purpose of processing as well as the legal basis for processing. Through intelligent linking to deletion and retention periods and your system landscape, you always know which deletion and retention periods apply to each system (on prem and in the cloud).

Asset Risk

Most international standards in information security take an asset-based view on risk. Using risk scenarios, the threats to your assets are identified. Afterwards, based on your risk model, the likelihoods and damages of the risk scenario by assets are defined. Using technical and organizational measures, these risks can then be continuously reduced.

Privacy Audit

With our overview of all privacy topics, actions that need to be taken and risks that have been assigned, you are able to audit your current privacy state with the click of a button and identify areas in which further action is required.

InfoSec Audit

Depending on the applicable standards, regular information security audits are necessary, for example the internal audits according to ISO27001. Using the InfoSec audit module, standard-specific or customized audits can be carried out in a fast and efficient manner.

Vendor Risk

Each vendor has their own specific risk profile. Using various different risk dimensions, from regulatory to technical and organizational controls, the data protection or privacy officer can take a bird's-eye view on each vendor’s privacy maturity. Risk stems from a low maturity level of the necessary controls.

Vendor Risk

Depending on the criticality of your vendor, the information security officers can decide on the level of maturity which is needed for a control. The vendor risk overview gives you a direct understanding of the vendor’s information security posture.

Step three. React & Resolve.

Privacy

InfoSec.

Data Subject Requests

Manage your data subject requests and create cases, track progress and deadlines. Create one form for all requests and dynamically assign workflows depending on the applicable laws.

Corrective Actions & Immediate Measures

Mitigate identified risks in information security by creating corrective actions to reduce likelihood or damage of non-conformities. Document decisions taken by management on whether to carry out the proposed measures.

Incident Management

Handling incidents according to country-specific requirements is challenging. Using the Priverion incident management process allows you to cover all necessary information and notification obligations in one place. These steps are necessary under applicable laws, such as the GDPR or state law in the United States. If you are planning to process sensitive or special categories of data, preparing for this process becomes even more crucial. Being prepared is the only way to handle incidents when they arise. We provide all necessary processes so you are ready when the case arises.

Incident Management

Record, classify and mitigate incidents. From initial evaluation to reporting and notification requirements to data protection authorities or data subjects. The guided process supports information security officers and data protection officers in carrying out the required steps in accordance with best practices.

Task Management

Create, manage and assign tasks in your organization. Track progress and automatically remind the users of deadlines. Determine workload of tasks to monitor the workload of your privacy program and to plan your resources accordingly.

Task Management

Create, manage and assign information security tasks in your organization. Track progress and automatically remind the users of deadlines. Determine workload of tasks to monitor the workload of your Infosec program.

Projects

Considering implementing a new CRM or starting to implement an international privacy standard? Create a project and break down the work into tasks. Conduct gap assessments before getting started, so you know what tasks have to be done and who will carry these out.

Projects

Regularly occurring tasks can be bundled into recurring projects which re-create themselves each year. With this functionality you can put your internal reviews on autopilot.

Group Management & Shared Services

Group Management supports the standardization of data protection and information security topics.

Standardize your approach and gain insights into the maturity of your organizations within your corporate group.

Create shared services with one source of documentation.

Each organization can download shared services and use its documentation within their own organization. Customize the general documentation for your country specific needs.

Highlights

Azure Active Directory

Connect your Azure Active Directory and immediately give access to your employees, assign tasks and create momentum for your projects.

Servers in Switzerland or EU

We offer servers in Switzerland as well as in Germany and other locations, from hyperscalers as well as local providers.

DPA Analyzer (Coming next)

Analyze a DPA within a minute and receive advice and recommendations on changes. Directly send your feedback to the vendor to enable fast implementation.

Privacy Center (Coming next)

One point of contact for all privacy and information security related information and requests.

Libraries

Retention & Deletion Periods Library

Load retention and deletion periods of over 150 countries. No more searching for deletion and retention periods in laws and regulations.

Vendor Library (Beta available)

No more manual creation of vendors. Load up to date vendor information from our database and receive automatic updates should changes occur.

Policy Library (Coming next)

Need to implement a new policy? Download templates and drafts from our library to get started fast.

ROPA Library (Coming next)

Most organizations have standard processes such as HR employee files or email systems. Download these processing activities as templates from our library, giving you time to focus on the more complex topics.
