The documentation of the technical systems used is an essential part of the data protection and security requirements. These systems are significantly involved in the processing of personal data and must therefore be documented in a comprehensible manner.
In addition, Art. 32 GDPR requires that companies take appropriate technical and organisational measures (TOM) to protect personal data. In order to plan and implement these measures effectively, it is first necessary to identify the technical systems involved and their security risks.
Systematic recording of the IT landscape makes it possible to recognise potential risks at an early stage and derive suitable protective measures. This is particularly important in connection with vulnerability management and risk assessment: Which systems are affected? What security gaps exist? Have these already been dealt with or are there acute risks?
Anyva supports companies in documenting the technical systems used in detail. In addition to a complete list of systems and assets, Anyva provides a risk assessment that is dynamically derived from the analysis of existing vulnerabilities. This not only meets the legal obligation to provide evidence and the requirements of the IT security standard, but also creates a sound basis for decisions on improving IT security.
Example of a participating system: Web server
All deployed assets are recorded. The risk status shown in colour is determined based on the existing, treated or untreated vulnerabilities for the assets. The highest risk in each case is transferred to the processing activities of which this system is a part.
Example of an asset: Fritz!Box
The asset is managed in the "Asset Management" module. If you use your own asset management system, these assets can be displayed here.
CVE search terms
The Anyva CVE Service downloads all new entries from the MITRE CVE database every hour and checks whether there are any potential new vulnerabilities for the company's own assets. If this is the case, the "notification group" is informed.
Search terms can be linked with AND, OR or NOT. An AI model is used to reduce the number of false positives.
(c) 2024 Haiko Buchholz