GDPR solution

The General Data Protection Regulation (GDPR) is Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and on the repeal of Directive 95/46/EC. It is a European Union regulation aimed at significantly increasing the protection of citizens' personal data.

The solution takes into account the individual needs of the customer in relation to the GDPR, whether it concerns public offices, hospitals, schools or businesses. First, a differential analysis is carried out, and then organizational and technical measures are delivered and implemented in response to the outputs of this analysis.

The main features of the offered solution include the identification and provision of measures to comply with the principles for the processing of personal data according to the GDPR, fulfilment of the obligations of the controller or processor, and fulfilment of the rights of the data subject. The solution is based on the generally accepted standards, frameworks and guidelines ISO 27001, TOGAF and ITIL.

Provided services

The cyber security solution from TESCO SW a.s. consists of several parts that tie in with one another:

1. Differential analysis

It maps the effects of the Law on Cyber Security (LoCS) and the Decree on Cyber Security (DoCS) on the customer's information system (IS) in question. It consists of a detailed analysis of LoCS and DoCS.

Identification of controller's duties

Each duty is assigned to one of 3 areas: the obligation is met; the obligation is not met; the obligation is partially met and a change is necessary.

Product breakdown

It identifies the customer's needs in the form of documents, services and HW & SW deliveries necessary to ensure the fulfilment of the administrator's obligations.

Individual assignments

Logical division of the product breakdown into individual partial executions, with a detailed wording of the assignment for the implementer.

Migration plan or delivery schedule

Process schedule for the introduction of organizational and technical measures, incl. a timetable for partial deliveries.

2. Implementation of security measures

After the differential analysis is approved, the organisational and technical security measures are executed:

Security documentation

Editing or creating documentation that defines the objectives (security policy) and states how to achieve them. A risk analysis is also included.

Other documents

Updating organizational and controlling documents in connection with the changes introduced.

Supervision and security SW

Modification or delivery of systems that monitor and protect the infrastructure concerned: a proactive monitoring tool for the IT environment (e.g. MS SCOM for operational logs), a SIEM containing security logs for advanced service management of network data flow filtering, or an HSM for advanced security operations.

Application SW

Modification or delivery of a Service Desk that supports processes in the area of ITSM and provides reporting functionality on the basis of logs and alerts from the monitoring systems.

3. Provision of support services

The provision of support services includes:

Professional capacities

Provision of expertise according to section 6 of clause 2 of DoCS (Cyber security administrator, Cyber security architect).

Training

Training in accordance with the security awareness development plan according to section 9 of DoCS.

Certification

Preparation for ISO 27001 certification according to section 29 of DoCS.

Measures

Execution of the reactive and protective measures of the NSO according to section 11 of LoCS.

4. Security supervision

Security supervision includes the following services:

Identification of controller's duties

Each duty is assigned to one of 3 areas: the obligation is met; the obligation is not met; the obligation is partially met and a change is necessary.

Product breakdown

It identifies the customer's needs in the form of documents, services and HW & SW deliveries necessary to ensure the fulfilment of the administrator's obligations.

Individual assignments

Logical division of the product breakdown into individual partial executions, with a detailed wording of the assignment for the implementer. The assignments also contain a price estimate and a proposed date of partial execution.

Migration plan or delivery schedule

Process schedule for the introduction of organizational and technical measures, incl. a timetable for partial deliveries.

Reference projects

  • The Office for Personal Data Protection
  • Ministry for Regional Development of the Czech Republic

Technology

  • HW: Thales e-Security nShield Connect
  • SW: CryptoID, FaMa+ ITSM, Microsoft System Center Operations Manager

QUICK CONTACT

info@tescosw.cz
tel. 587 333 602

tř. Kosmonautů 1288/1
779 00 Olomouc
