QSEC® meets the requirements of an integrated data protection management system and information security management system (DIMS). The EU GDPR is already implemented in the following QSEC® modules:
- Compliance – the EU GDPR is already integrated in our compliance module as a separate catalog with all chapters and the corresponding questions for maturity assessment. In addition to the established ISO standards (ISO/IEC 27001 et seq., 27019, etc.), all necessary assessments according to the GDPR can be carried out.
- Information Assets – capturing of methods (business processes) and personal data (information). The information security classification criteria (confidentiality, integrity, availability) now also include data protection relevance. Additional necessary assessments (additional attributes), such as affected persons, responsible parties, recipients, third countries, deletion deadlines, privacy by design, privacy by default, impact analysis, data processing, data processor, approvals, etc., can also be captured.
- Risk Management – risk assessment of all (IT) assets storing personal data.
- Measure Management – assessment, capturing and implementation of TOMs (Technical and Organisational Measures).
- Document Management – capturing and administration of contract management as required by the EU GDPR (processing contracts etc.). The contracts are linked to the respective methods (business processes). The standard criteria for contract valuation are customisable at any time.
- Security Incident – capturing of all data privacy incidents. A security incident that involves personal data is classified and reported as a data privacy incident.
- Master Data – capturing of the organisational structure and definition of scopes and all responsibilities.
- Reports – QSEC® provides all reports that are required for your data protection. Multiple reports are generated directly from within the respective modules via an Excel export.
With this integrated approach, the requirements of information security and data protection are met simultaneously without significant additional expense.