Technical and organizational measures (TOM)

Confidentiality

  • Physical Access Control: Protection against unauthorized entry to data processing facilities through chip keys and electronic door openers, locked doors and windows
  • System Access Control: Protection against unauthorized system use through passwords (including corresponding policy), automatic lock mechanisms, two-factor authentication, encryption of storage media
  • Data Access Control: No unauthorized reading, copying, modification, or removal within the system, e.g., standard authorization profiles on a “need-to-know” basis, a standard process for granting permissions, logging of access, and periodic review of granted permissions, especially for administrative user accounts
  • Pseudonymization: Wherever feasible for a given data processing activity, primary identifiers in personal data are removed within the respective application and stored separately.

Integrity

  • Transmission Control: No unauthorized reading, copying, modification, or removal during electronic transmission or transport through encryption
  • Input Control: Identification of whether and by whom personal data was entered, modified, or deleted in data processing systems, through logging and document management

Availability and Resilience

  • Availability Control: Protection against accidental or malicious destruction or loss through backup strategies, antivirus software, firewall, alert channels, and emergency plans; security checks at the infrastructure and application level, a multi-tier backup concept with encrypted off-site storage in an alternative data center, and standard processes for when staff change roles or leave the organization
  • Rapid Recoverability
  • Retention and Deletion Periods: Applicable both to the data itself and to metadata such as log files

Procedures for Regular Review, Assessment, and Evaluation

  • Data protection management, including regular employee training
  • Incident response management
  • Privacy-friendly default settings
  • Contract Control: No commissioned processing within the meaning of Art. 28 GDPR without corresponding instructions from the Controller, ensured by clear contractual arrangements, formalized contract management, rigorous selection of the Processor (ISO certification, ISMS), obligation to conduct due diligence in advance, and subsequent audits

Can you hear it already?

Curious now?

How about a personal tour of teamecho? Just book an appointment. Our feedback experts are happy to help.