The JOUO TOMs
for GDPR and NIS2

Here you can find out which extensions we are currently working on for JOUO

TOM = Technical and Organisational Measures
- TOMs list all the precautions that a company takes to ensure the security of personal data.
- In the case of your website, this includes precautions taken by your own company, but also those of your service providers (e.g. your web hosting provider).
- Documenting the TOMs is mandatory under the GDPR. NIS2-classified companies, and companies that work with NIS2 companies, are also obliged to create TOMs.
In JOUO, you can quickly and easily generate your TOMs and export them as a PDF for your documentation.
What does the JOUO TOM include?
Your JOUO TOM consists of two parts...

List of all measures
The second part consists of a checklist to document the technical and organisational measures.
You will be guided step by step through the minimum of topics that you should complete.
You only need to complete this configuration once when you first set it up. After that, you simply maintain your measures - in other words, your workload is minimal after the initial entry.
Unfortunately, the security vulnerabilities of your trading and supply partners can also become your own vulnerability. NIS2-affected companies in particular are obliged to ensure the security of their supply chain. With JOUO, you will soon gain insight into website compliance and thus the security of your partners.

Automatic list of all vulnerabilities
You can choose to include an automatically generated list of all vulnerabilities identified by JOUO on your website in the TOMs.
This includes the following content, which you can also see in your JOUO account:
- Vulnerabilities (CVEs)
- Server information (IP addresses and open ports)
- DNS data
If you need to respond to a request from the data protection officer or your legal department, for example, you can use this function to export your vulnerabilities as a PDF.


Commenting on technical weaknesses
It is also very important for the TOMs to regularly comment on the technical weaknesses identified: what are you/your company doing to rectify them?
You can easily record this in the JOUO TOMs.
What makes JOUO TOMs unique?
Our offer is unique in that we can automatically generate a list of your vulnerabilities using the JOUO Audit - a task that can often take days. This list not only contains all the detailed technical data, but is also clearly presented in a PDF for you to export.
Checked by our lawyer
To create the TOMs, we used official and publicly available templates that were checked by our lawyer. The legal conformity of the generated PDFs has also been checked. So you can trust our content without any problems.
How do I create a TOM in JOUO?
- Firstly, your website must be registered in JOUO and your first security audit must have been completed.
- You can then click on TOMs in the navigation bar to start a new TOM. You can select the server providers and locations for which you want to document the measures and will then be guided through the documentation step by step.
- Finally, you can generate a joint PDF from your documented measures, which you can download.

How much do JOUO TOMs cost?
Basic + TOMs

for monitoring one website
+ one PDF per month
€90
monthly
- all the benefits of the Basic subscription
- create and edit TOMs at any time
- generate a PDF once a month
- download PDFs at any time
As a registered user, you can extend your Basic subscription with the Basic + TOMs subscription.
This gives you all the functions of the Basic subscription and you can also generate one JOUO TOM PDF per month.
You can create and edit new documentation at any time, but you can only generate a related PDF once a month. You can download the generated PDFs at any time and as often as you like.
And all for just €30 more than the Basic subscription!
What does GDPR and NIS2 mean?
GDPR
This is the EU's ‘General Data Protection Regulation’, which every EU member state has implemented. Sometimes you will also find the German term Datenschutz-Grundverordnung (DSGVO).
Germany
The GDPR is implemented in Germany by the Federal Data Protection Act (BDSG) and the state data protection laws. JOUO covers both: GDPR and BDSG.
Switzerland
The nDSG (‘new Data Protection Act’) differs from the European General Data Protection Regulation (GDPR) primarily in that private controllers can be fined up to CHF 250,000. The EU law does not provide for fines for private individuals. JOUO also covers the nDSG.
NIS2
The NIS2 Directive (Network and Information Security Directive) obliges the member states of the European Union to adopt a national cyber security strategy. With NIS2, mandatory security measures and reporting obligations in the event of security incidents apply to companies and organisations of medium size and above from 18 defined sectors. Service providers and suppliers of affected organisations are also obliged, even if they are based outside the EU, if they are active in the EU.