Metasoul Docs

Technical and organizational measures (TOM)

How can I manage my technical and organizational measures (TOM) in Metasoul?

In the Metasoul module “Technical & Organizational Measures”, the technical and organizational measures implemented in the company to protect personal data can be documented, tracked, and managed.

While technical and organizational measures can be defined individually, Metasoul already provides predefined TOMs that can match the respective processes within the company.

Home page of the “Technical & Organizational Measures” featuring a table with multiple entries.


On what basis does Metasoul suggest technical and organizational measures to me?

The GDPR requires that personal data be protected by technical and organizational measures that are appropriate to the risks associated with the processing.

This means there are no clear rules on when to apply which technical and organizational measures (TOMs); instead, which measures are appropriate must always be decided individually in the context of the respective company.

Based on various details in the company profile and other completed questionnaires, Metasoul aims to create technical and organizational measures that, based on experience, are suitable for the respective situation and align with common industry standards.

Many companies with less experience in properly assessing which technical and organizational measures are appropriate can adopt the suggestions from Metasoul to establish a solid foundation for protecting personal data that is highly likely to be appropriate.


How can I create new technical or organizational measures in Metasoul?

Technical and organizational measures (TOMs) can be created in the module “Technical & Organizational Measures” by selecting the option “Add Measure.”

Two options are available: “Add Custom Measure” and “Add from Template.”

The main page titled “Technical & Organizational Measures (TOMs)” features the option “Add Measure” in the top right corner, with the sub-options “Add Custom Measure” and “Add from Template.” In the center of the page, a list of the measures already created is displayed.

If the template option is chosen, an overview opens where measures from the TOM templates provided by Metasoul can be selected.

A window that provides a list of predefined technical and organizational measures to be selected as templates.

If “Add Custom Measure” is chosen, a window opens where relevant information for the custom-created technical or organizational measure can be entered.

The menu “Create New Measure” with the input fields “Measure,” “Description,” “Type,” “Security Objectives,” “Implementation Level,” and “Create Measure.” The first two fields are text fields, while the remaining fields are single-answer fields, except for the “Security Objectives” field.

In general, it is recommended to primarily use the Metasoul templates.

All selected or custom-created TOMs will be displayed in the TOM overview.


How can I delete a technical or organizational measure?

In the module “Technical & Organizational Measures”, next to each entry, there is a “trash bin” icon through which the respective technical or organizational measure can be deleted.

Home page of the “Technical & Organizational Measures” featuring a table with multiple entries.


Do I have to implement all technical and organizational measures that are suggested to me?

According to the GDPR, it is the responsibility of the controller to choose and implement appropriate technical and organizational measures. The technical and organizational measures suggested by Metasoul are based on experience and established industry practices.

This means that the controller is free to decide whether to adopt the suggestions from Metasoul and which measures to implement. In case of doubt, the Metasoul suggestions provide a good starting point. Alternatively, an expert can be consulted for advice in the specific situation.


How do I know which technical and organizational measures I need?

The GDPR requires that personal data be protected by technical and organizational measures that are appropriate to the risks associated with the processing.

This means there are no clear rules on when to apply which technical and organizational measures (TOMs); instead, which measures are appropriate must always be decided individually in the context of the respective company.

The technical and organizational measures suggested by Metasoul can serve as a good foundation, and consulting with data privacy experts may also be helpful in case of doubt.


How can I document the level of implementation of a technical or organizational measure?

In the module “Technical & Organizational Measures”, there is a column “Implementation Level” for each TOM entry. Here, the user can choose between “Not Implemented,” “Partially Implemented,” and “Fully Implemented” to document the implementation status for each TOM.

Home page of the “Technical & Organizational Measures” featuring a table with multiple entries.


How do the different TOM groupings differ, and which one should I use?

In the module “Technical & Organizational Measures”, the documented technical and organizational measures can be grouped either by “Type” or by “Security Objective.”

Home page of the “Technical & Organizational Measures” featuring a table with multiple entries.

If the grouping “Type” is selected, the TOMs are divided into technical and organizational measures.

If the grouping “Security Objectives” is selected, the TOMs are divided into the following groups:

  • Confidentiality
  • Integrity
  • Availability
  • Regular review, assessment, and evaluation

The choice of grouping is not relevant from a data protection perspective; it is a matter of preference. What is important is that the correct, appropriate technical and organizational measures have been selected and implemented.


How can I export my technical and organizational measures (TOMs)?

In the Metasoul module “Technical & Organizational Measures”, the “Export Measures” button is located in the top menu.

Home page of the module “Technical & Organizational Measures” with the “Export Measures” option marked in the top right corner.

When the button is pressed, a window opens where the export format can be selected. Important: By default, the export only includes technical and organizational measures that are fully implemented. Optionally, partially implemented measures can be included as well by selecting this in the “Export” window.

The export can be initiated via the “Export Measures” button.

A window titled “Export Measures” with the options “CSV,” “Cancel,” and “Export Measures.”


How can I embed my technical and organizational measures on a website?

Work is currently underway to provide technical and organizational measures in a structured format for display on websites via HTML, JavaScript, or iFrame. The feature will be available soon.