LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

PETs are one side of the technical coin. The other side is a broader framework that combines technical and organizational measures. What are TOMs, and where do they come from legally?

Technische und Organisatorische Massnahmen, meaning Technical and Organizational Measures or TOMs, are the combined safeguards organizations must implement to protect personal data, mandated by DSGVO Article 32 and Swiss DSG Article 8 Paragraph 1.

TOMs split into technical and organizational measures, each with examples (GDPR Art. 32, DSG Art. 8).

* TOMs taxonomy: technical vs organizational measures. *

Diagram of the CIA triad.

* Security goals TOMs protect: the CIA triad. — Michel Bakni, CC BY-SA 4.0, via Wikimedia Commons. *

The legal requirement is clear: personal data must be protected through appropriate technical and organizational measures against unauthorized processing.

Organizational measures include:

  • Employee training and awareness programs.
  • Defined roles and responsibilities.
  • Incident response plans and emergency procedures.
  • Compliance management processes.

Technical measures include:

  • End-to-end encryption.
  • Access controls and logging.
  • Pseudonymization and anonymization.
  • Secure data architectures.

Real-world reference: AWS publishes a detailed whitepaper documenting and certifying their comprehensive cloud TOMs for various compliance requirements. This serves as a model for how large organizations demonstrate TOM implementation to regulators.

Go deeper:

From Quiz: PRIVACY / TOM and OSINT | Updated: Jul 05, 2026