TOM Check - Trigonum - Management Systems for Information Security and Data Protection Based on Microsoft 365

TOM Check

Transparent – Structured – Secure
With Trigonum's TOM Check, you get a transparent overview of the implemented Technical and Organizational Measures (TOMs) and the level of protection in your company.

Companies that collect, process, or use personal data are required to take technical and organizational measures (TOMs) and adequately document them to ensure that data processing complies with the requirements of the GDPR and that the security of personal data processing is maintained. Measures from the various areas outlined below must be taken as long as their cost is proportionate to the intended protection purpose. Additionally, the TOMs must be documented by the data controllers in a record of processing activities.

As experienced data protection and ISO 27001 auditors, we support you in reviewing your TOMs, adjusting them if necessary, and developing appropriate measures for your company if required. Initially, a status analysis (audit) of the technical and organizational measures you have implemented is conducted. We evaluate the measures in terms of compliance with legal and regulatory requirements for data protection. Another aspect is verifying the security level of your service providers. For this purpose, we have developed a TOM Check based on GDPR, ISO 27001, and TISAX information. Furthermore, we identify areas for improvement and work with you to develop measures to address vulnerabilities where necessary.

Protect your customers', employees', and partners' data by ensuring the effectiveness of your technical and organizational measures today. Trigonum is your experienced partner in achieving this goal.

Our Services

  • Support in conducting a status analysis to review TOMs
  • Review of the security level of service providers
  • Independent and objective auditing
  • On-site or remote audits
  • Development of specific recommendations for action
  • Creation of solution concepts
  • Support in documenting TOMs within an ISO 27001 and GDPR-compliant documentation framework

What We Offer

Tailored Solutions

Since every company faces different requirements and challenges, we work with you to develop tailored solutions. In doing so, your individual needs and ideas are at the center of our focus. Our solutions meet the legal requirements for data protection and information security, are customer-oriented, and take into account various conditions while adhering to high-quality standards. Thanks to our extensive practical experience, we can adapt to your company’s specific situation and work together to create tailored solutions.

Transparent Results Report with Specific Recommendations for Action

As a result of your data protection status assessment, we provide you with a clear and comprehensive report on the state of data protection in your company. This report ensures transparency and serves as a basis for further steps toward building a professional data protection management system. The report summarizes the audit results and organizes them according to data protection processes. Trigonum uses a “traffic light” reporting system to indicate which processes still need improvement and which requirements have already been well implemented. In addition, Trigonum provides you with individual recommendations for implementing data protection in your company and measures to establish a Data Protection Management System (DSMS). Upon request, we can also assist with implementing these recommendations and actions.

Extensive Experience

Our consultants have extensive practical, leadership, and project experience in data protection, information security, organizational development, and business processes across various industries, including SMEs and large corporations. Our team consolidates decades of knowledge and experience in implementing data protection requirements, as well as in establishing, operating, and continuously improving data protection management systems. Our broad range of proven methods, procedures, and solutions ensures a holistic approach to addressing challenges and helps prevent errors.

Greater Security with Certified and Qualified Consultants

For your safety and compliance, our consultants hold a variety of certifications from reputable organizations such as TÜV Rheinland, TÜV Nord, DEKRA, the Data Protection Certification Company (DSZ), and the Federal Office for Information Security (BSI). They are qualified data protection officers, data protection auditors (DSZ), ISO 27001 Lead Auditors, ISO 27001 Audit Team Leaders from BSI, IT Baseline Protection Auditors (BSI), ISO 20000 Auditors, and IT Security Officers, ensuring greater security for your company.

Personal Consultation at Eye Level

Together with you, we develop practical, tailored solutions for your company through open and personal exchanges at eye level. Our goal is to take your wishes, ideas, and requirements into account in the individual solutions we create.

Location Hamburg – Nationwide and International Presence

Trigonum GmbH is based in Hamburg but operates nationwide and internationally. Depending on your needs and preferences, we provide consultations either on-site or remotely.

TOM Check – What Are the Benefits?

  • Transparency over TOMs and compliance with GDPR legal requirements
  • Ensuring an adequate security level within the company and with service providers
  • Transparency regarding deviations and necessary actions
  • Specific recommendations for action to ensure the required security level
  • Flexibility through personal consultation and auditing on-site or remotely

More on This Topic

  • Status Determination Process
    Our structured status determination process consists of four steps:

    1. Defining the Scope
      The initial consultation with you is used to agree on the goals, standards to be assessed, and the scope of the status analysis. During this exchange, we determine which companies (in a corporate context), which departments, and which IT systems and applications should be audited. The points of contact and audit participants are also defined.
    2. Preparing for On-Site or Remote Audits
      For audit preparation, we compile the necessary checklists and determine the interview partners. These checklists serve as guidelines for conversations and for systematically documenting the status. They help structure the audit and support document review.
    3. Conducting the Status Determination
      The status determination is carried out through interviews based on the checklists. Together with the interview partners, the current status of data protection is evaluated and compared with the requirements of the standards. Additionally, document audits are conducted.
    4. Creating the Report
      Based on the audits, a report is created that identifies deviations, highlights risks and necessary actions, and provides concrete recommendations for improvement measures. The report includes a combination of traffic light reports and detailed component and action summaries, providing the client with a clear overview of the current data protection status.
  • Transparent Report
    Following the status determination, we provide you with a clear and comprehensive report on the state of data protection in your company. This report ensures transparency and serves as the foundation for further steps in developing a professional data protection management system. The report summarizes the audit results, organized by data protection processes. Trigonum employs a traffic light reporting system, indicating where further action is needed and which requirements have already been successfully implemented. In addition to this, Trigonum provides you with tailored recommendations for implementing data protection in your company, as well as suggestions for building a Data Protection Management System (DSMS). If desired, we will assist you in implementing these recommendations and measures.

  • Status Determination and Audits
    To navigate effectively and develop a strategy for tailored data protection, it’s crucial to know your current position. We conduct a professional status determination at your company. By combining comprehensive checklists that consider the requirements of various recognized standards (GDPR, ISO 27701, ISO 27001, ISO 20000, TISAX, etc.), extensive practical experience, and an innovative approach, we can help you determine your current position and chart the best path toward your data protection management system.

  • Integrated DSMS + ISMS
    In today’s world, data protection and information security can no longer be viewed in isolation. It is increasingly important to address the requirements of both disciplines through comprehensive technical and organizational measures (TOMs). A critical success factor for effective data protection and information security management is the integration into existing business processes, which helps avoid redundancy and impractical solutions. Trigonum has developed an integrated approach based on this understanding, aligning with the requirements of the GDPR, ISO 27701, ISO 27001, TISAX, and other recognized standards, to address both information security and data protection together.

    If you want to conduct a TOM Check now,
    please contact us!

    Direct Contact with Trigonum:
    +49 40 3199 1618 0
    Trigonum GmbH
    Notkestrasse 9
    22607 Hamburg
