R2C_SECURITY consists of two modules: information security (ISMS) and data protection, which implements the demands of the EU General Data Protection Regulation. You can choose one of the modules or take both together. As both modules are fully integrated, you can use the risks and the actions together.
The information security module is part of our R2C_SECURITY software solution, with which you can professionally organise and document your information security management (ISMS).
The documentation of the ISMS lays the foundation stone for checking your information management. The ISMS status report provides information at any time about the condition and the progress of your ISMS.
The information security module provides support in all phases of the process – from selection of the standard up to an organisation ready for certification.
The information security module offers you the opportunity to determine the critical nature and the need for protection of your processes and assets with regard to the targets to be protected. Critical and non-critical processes and assets can be determined and documented. In this way, you can analyse which assets are essential for important processes.
With the information security module you can assess information security risks, store risk management strategies and allocate security measures. Threat and vulnerability catalogues will support you in the risk analysis.
Scoping can be performed quickly and straightforwardly by allocating ISMS catalogues to principals. Irrelevant management areas can be deactivated, giving reasons if binding standards apply. The areas of application determined in this way are available to you in internal and external audits as well as for self-checks.
In developing the modules, we place great value on consistent, intuitive and efficient operation. This means you will be able to administer even large amounts of data easily. Users who rarely use the application will nonetheless find their way around easily, thanks to the low entry threshold.
Since the passing of the EU General Data Protection Regulation (abbreviated to EU-GDPR) at the latest, it has been clear that data protection is an important part of corporate governance and good company management.
The EU General Data Protection Regulation puts data protection within the European Union on a uniform legal basis. It must be implemented by 25th May 2018, otherwise steep fines of up to 20 million euros or 4% of world-wide annual turnover may be payable. In Chapter 4 the EU-GDPR demands that an index of processing activities be set up, along with the carrying out of impact assessments for data protection, insofar as the rights and freedoms of individual persons are at a high level of risk. In addition, suitable technical and organisational measures to ensure an appropriate level of protection should be taken. This all demonstrates that data protection is not a one-off process, but an ongoing task that can be resolved with the data protection module.
The index of processing activities is a central component of the EU-GDPR. For the index, essential information is required about the purposes of the process, the categories of people affected, personal data and periods set for the deletion of the various categories of data, both those made by recipients and those provided. The data protection module offers the option of recording the data in a structured and convenient way.
The module will support you in deciding on the need to carry out a data protection impact assessment. This can be created both for a single processing activity and for several processing activities at the same time. The information required will be requested in the input mask in a structured manner.
With our software solution, you can collect and assess the data protection risks, as well as storing technical and organisational measures (TOMs). These measures are then assessed and followed up.
The “Index of processing activities” supplies all the information required by EU-GDPR and can be made available on request to the supervisory authority. The index can be prepared both from the viewpoint of a controller and from the viewpoint of a processor.
The report “Data protection impact assessment” supplies all the information required by the EU-GDPR and can be used, for example, as part of a consultation with the supervisory authority.