The JOUO TOMs
for GDPR and NIS2

Here you can find out which extensions we are currently working on for JOUO
What are TOMs?

TOM = Technical and Organisational Measures
- TOMs list all the precautions that a company takes to ensure the security of personal data.
- In the case of your website, this includes precautions taken by your own company, but also those of your service providers (e.g. your web hosting provider).
- Documenting the TOMs is mandatory under the GDPR. NIS2-classified companies, and companies that work with NIS2 companies, are also obliged to create TOMs.
In JOUO, you can quickly and easily generate your TOMs and export them as a PDF for your documentation.
What does the JOUO TOM include?
The first part is a list of all measures as a downloadable PDF.
The second part consists of a checklist to document the technical and organisational measures.
You will be guided step by step through the minimum set of topics that you should complete.
You only need to complete this configuration once when you first set it up. After that, you simply maintain your measures - in other words, your workload is minimal after the initial entry.
Unfortunately, the security vulnerabilities of your trading and supply partners can also become your own vulnerability. NIS2-affected companies in particular are obliged to ensure the security of their supply chain. With JOUO, you will soon gain insight into website compliance and thus the security of your partners.

What makes JOUO TOMs unique?
We help you with what you need to document
Sometimes it is not so easy to keep track of exactly what you need to document TOMs for.
Ultimately, it depends on which service providers you use, i.e. technical services such as web hosting, server infrastructure or maintenance - all of which store your customers' or your company's data.
Through our security audit, we can give you a list of your service providers for which you need to document the TOMs. You can then use JOUO to track how complete your documentation currently is, so you always have an overview.

A PDF for download
It may happen that, for example, business partners or data protection authorities request your TOMs. Then you can easily go to JOUO and have your TOMs generated and downloaded as a PDF for sharing with third parties. With JOUO, you always have your TOMs at your fingertips.

Checked by our lawyer
To create the TOMs, we used official and publicly available templates that were checked by our lawyer. The legal conformity of the generated PDFs has also been checked. So you can trust our content without any problems.
How do I create a TOM in JOUO?
- First, your website must be registered in JOUO and your first security audit must have been completed.
- You can then click on TOM Documentation in the navigation bar to create new documentation for your website. You can then document the measures per service provider and per location in this documentation. You will be guided through the documentation step by step.
- Finally, you can generate a joint PDF from your documented measures for a report that you can download.

All your details are saved automatically. You do not have to actively save your data and can therefore interrupt the TOM at any time and continue working on it at another time.
How much do JOUO TOMs cost?
Basic + TOMs
for monitoring one website + one PDF per month
€90 monthly
- all the benefits of the Basic subscription
- create and edit TOMs at any time
- generate a PDF once a month
- download PDFs at any time
As a registered user, you can extend your Basic subscription with the Basic + TOMs subscription.
This gives you all the functions of the Basic subscription and you can also generate one JOUO TOM PDF per month.
You can create and edit new documentation at any time, but you can only generate a related PDF once a month. You can download the generated PDFs at any time and as often as you like.
And all for just €50 more than the Basic subscription!
What does GDPR and NIS2 mean?
GDPR
This is the EU's ‘General Data Protection Regulation’, which every EU member state has implemented. Sometimes you will also find the German term Datenschutz-Grundverordnung (DSGVO).
Germany
The GDPR is implemented in Germany by the Federal Data Protection Act (BDSG) and the state data protection laws. JOUO covers both: GDPR and BDSG.
Switzerland
The nDSG (‘new Data Protection Act’) differs from the European General Data Protection Regulation (GDPR) primarily in that private controllers can be fined up to CHF 250,000. The EU law does not provide for fines for private individuals. JOUO also covers the nDSG.
NIS2
The NIS2 Directive (Network and Information Security Directive) obliges the member states of the European Union to adopt a national cyber security strategy. With NIS2, mandatory security measures and reporting obligations in the event of security incidents apply to companies and organisations of medium size and above from 18 defined sectors. Service providers and suppliers of affected organisations are also obliged, even if they are based outside the EU, if they are active in the EU.