✅ Data protection organisation
(user and rights management, responsibilities, risk status, implementation status, evaluations, checklists, tickets, task overview, audits, error lists, appointments, reports, guidelines, manuals, concepts, objectives, training and further training, deletion concepts, PDCA cycles, confidentiality agreements, document control)
✅Register of processing activities (VVT)
(Responsibility, description, legality, purposes, purpose limitation, deletion rules, forwarding, data and person categories, DSFA threshold value analysis, systems used and security of processing, processing status, status of order processing, risk status, TOM, checks, deadlines, tasks, tickets, numerous templates and templates, link to external documents, report/export to PDF, DOCX, XLSX, HTML, ...)
✅ Data protection impact assessment (DPIA)
(Description, delimitation, purposes, information diagram, network diagram, requirement modules, affected warranty objectives, individual requirements with risks and effects, TOM, description of the effect, probabilities of occurrence, risk matrices with and without TOM, residual risk, open measures, deadlines, tickets, reviews, DPO statement, PDCA cycles, link to external documents, report/export to PDF, DOCX, XLSX, HTML, ...)
✅ Data Protection Officer (DPO)
(Appointment and proof of notification, proof of expertise, conflicts of interest, statements, training and consultations, time recording, minutes of meetings, correspondence with authorities and affected persons, deadline tracking, audit logs with error lists and processing statuses)
✅ Data subjects
(Recording complaints and exercising rights, documentation of identifications, information, corrections, deletions, objections, transfer requests, logging and tracking of deadlines, communication with data subjects, consent management)
✅ Data breaches
(Documentation, notification to supervisory authorities, communication with data subjects, remedial measures, proof of effectiveness, tickets, deadlines, tasks)
✅ Order processing
(Documentation of order processing contracts, audit criteria for processors, audit criteria for order processing contracts, regular reviews, tickets, deadlines, tasks)
✅BSI Grundschutz
(Concepts and planning, guidelines, directives, responsibilities, delimitations, business processes, resources, structural analysis, determination of protection requirements, modelling, risk analysis, continuous improvement (PDCA), audit plans, audit results, defect lists with processing statuses)
✅ISO 27001
(Concepts and planning, guidelines, policies, responsibilities, demarcations, assets and resources, risk analysis, protection needs analysis, SOAs, risk treatment, continuous improvement (PDCA), audit plans, audit results, defect lists with processing statuses)
✅Technical systems
(Name and description, risk status, vulnerability check, list of assets, associated DSMS processing activities)
✅Target object groups
(List of technical systems, risk status, associated ISMS business processes)
✅CveCheckups
(Checking all assets in the asset database against new CVE data records and notifying the check group, relevance check)
✅Vulnerabilities
(Vulnerability management for assets, delegation of treatment status to associated technical systems, processing activities (DSMS) and business processes (ISMS), tracking of vulnerability treatment status, report and management review, tickets, tasks, deadlines, PDCA cycles)
(c) 2024 Haiko Buchholz