Information Security - GDPR
The iFACTS approach to information security is based on process orientation and asset management principles, inspired by the ISO 27000 series.
Common work steps within information security are ownership, responsibilities, classification, requirements, policy, document handling, dependencies, GAP analysis, nonconformity handling, and risk assessment.
Several types of regulations, laws, and standards impact information security, for example the NIS Directive, ISO 27000, GDPR, PCI, and more. iFACTS can support all of these through its unified approach to governance, including information security.
GDPR is handled within information security. Each processing is registered as an asset, and all the necessary functionality is available in the software, for example records of processing, DPIA, data breach reporting, consent, data request, and erasure.
iFACTS also supports the certification process of the ISMS in ISO 27001, starting with scoping, risk assessment, selection of controls including the statement of applicability, and the full rollout and implementation.
Base functionality in the iFACTS software: access control, inventory, classification, trigger logic, requirement and control libraries, dependencies, document management, notification, risk management, incident management, control program, reports, and dashboards.