The JOUO TOMs

for data protection laws


What are TOMs?


TOMs = Technical and Organisational Measures

  • TOMs list all the precautions that a company takes to ensure the security of personal data
  • In the case of your website, this includes precautions taken by your own company, but also those of your service providers (e.g. your web hosting provider).
  • Documenting the TOMs is mandatory under the GDPR, for example. The TOMs are also relevant for other data protection laws such as NIS2, the BDSG and the nDSG.

In JOUO, you can quickly and easily generate your TOMs and export them as a PDF for your documentation.

    What is included in the JOUO TOMs?

    A list of all measures as a PDF for download

    The JOUO TOMs consist of a checklist for documenting your technical and organisational measures.

    You are guided step by step through the minimum set of topics that you should complete.

    You only need to complete this configuration once, when you first set it up. After that, you simply maintain your measures - in other words, your workload is minimal after the initial entry.

    Unfortunately, the security vulnerabilities of your trading and supply partners can also become your own vulnerability. NIS2-affected companies in particular are obliged to ensure the security of their supply chain. With JOUO, you will soon gain insight into website compliance and thus the security of your partners.


    What makes JOUO TOMs unique?


    We help you with what you need to document

    Sometimes it is not easy to keep track of what you ultimately need to document in the TOMs.

    Ultimately, it depends on which service providers you use, i.e. technical services such as web hosting, server infrastructure or maintenance - all of which store your customers' or your company's data.

    Through our security audit, we can give you a list of your service providers for which you need to document the TOMs. You can then use JOUO to track how complete your documentation currently is, so you always have an overview.


    Duplicate TOMs and save time

    When you have finished a TOM, you can duplicate it and use it as a template for a new TOM, so that you do not have to enter everything again and again. This can save you a lot of time and effort!

    A PDF for download

    It may happen that, for example, business partners or data protection authorities request your TOMs. Then you can easily go to JOUO and have your TOMs generated and downloaded as a PDF for sharing with third parties. With JOUO, you always have your TOMs at your fingertips.

    Infrastructure Documentation

    You can export an Infrastructure Documentation for each TOM.

    As soon as you create a TOM, a PDF is automatically generated that you can download, which contains all the data on your website infrastructure that JOUO found in the security audit. This includes IP addresses, security vulnerabilities, DNS data and more.


    Checked by our lawyer

    To create the TOMs, we used official and publicly available templates that were checked by our lawyer. The legal conformity of the generated PDFs has also been checked, so you can rely on our content.

    How do I create a TOM in JOUO?

    1. First, your website must be registered in JOUO and your first security audit must have been completed.
       
    2. You can then click on TOM Documentation in the navigation bar to create new documentation for your website. Thereafter, you can document the measures per service provider and per location in this documentation. You will be guided through the documentation step by step.
       
    3. Finally, you can generate a joint PDF from your documented measures for a report that you can download.

    All your details are saved automatically. You do not have to actively save your data and can therefore interrupt the TOM at any time and continue working on it at another time.

    How much do JOUO TOMs cost?

    Basic + TOMs


    for monitoring + documenting one website

    € 90

    monthly

    • all the benefits of the Basic subscription

    • create and edit TOMs at any time

    • receive automated infrastructure docs

    • download PDFs at any time

    As a registered user, you can extend your Basic subscription with the TOMs.

    This gives you all the functions of the Basic subscription and you can also create and export JOUO TOMs.

    You can create and edit new documentation at any time as well as generate related PDFs and download them at any time and as often as you like.

    The TOMs extension also includes the Infrastructure Documentation.

    And all for just €50 more than the Basic subscription!

    What do GDPR and NIS2 mean?

    GDPR

    This is the EU's ‘General Data Protection Regulation’, which every EU member state has implemented. Sometimes you will also find the German term Datenschutz-Grundverordnung (DSGVO).

    Germany

    The GDPR is implemented in Germany by the Federal Data Protection Act (BDSG) and the state data protection laws. JOUO covers both: GDPR and BDSG.

    Switzerland

    The nDSG (‘new Data Protection Act’) differs from the European General Data Protection Regulation (GDPR) primarily in that individuals can be fined up to CHF 250,000. The EU law does not provide for fines for individuals. JOUO also covers the nDSG.

    NIS2

    The NIS2 Directive (Network and Information Security Directive) obliges the member states of the European Union to adopt a national cyber security strategy. With NIS2, mandatory security measures and reporting obligations in the event of security incidents apply to companies and organisations of medium size and above from 18 defined sectors. Service providers and suppliers of affected organisations are also obliged, even if they are based outside the EU, if they are active in the EU.