As an organisation, you must be able to demonstrate - with the right questions and documents - that you have taken adequate, organisational and technical measures in accordance with legislation and regulations. As an organisation, you must at all times be able to comply with the reversed burden of proof (file creation), including recording responsibility & accountability. Collect logs, perform audits and report. The (EU) Privacy legislation requires it!
This means that there is no standard package of organisational & technical measures that you have to comply with. Moreover, security is a continuous process (plan, do, check, act). You must continue to monitor whether the security measures taken are still adequate.
The privacy legislation requires, among other things, appropriate technical and/or organisational measures. You, as a company, must take these measures, but you must also guarantee them. What if you have already taken these measures in another context - from the point of view of certification or your company's objectives? CompLions also offers a solution in this case.
Demo or request a quote?
With GRCcontrol you anticipate current risks and take appropriate safety measures.
For audit planning including automatic and periodic audits, as well as registration of external audits and registration and handling of improvement tasks.
Comes with various standard reports with the possibility to build your own reports.
For management, specialists and employees, up-to-date insight into your compliance (per organization (part), standard, process, means), risks, incidents and (internal/external) audit findings.
Numerous standards frameworks including best-practice measures mapping, numerous risks/threats set(s) including best-practice measures mapping, examples of questionnaires and registers, reporting and dashboarding.
2-factor authentication on login and encrypted traffic for secure communication and data storage in a certified data centre.
Management system for granting authorisations.
Access control based on individuals and functions including AD linking capabilities.
For recording the execution of successive activities.
For recording and distribution of documentation and burden of proof. Includes expiration dates and e-mail notification.
NL, UK, FR and GE
Access control based on individuals, roles and functions including AD/FD linking capabilities.
Incident management, including registration and handling by means of protocols (work processes) that can be set up entirely according to your own working method.