Quiz Entry - updated: 2026.07.14
Swiss and EU data protection law breaks TOMs down into eight specific control areas. What are these eight controls, and what does each one protect?
The eight TOM controls cover every layer of data protection, from physical building access all the way to logical data separation.
* The eight TOM controls as a serpentine grid. *
| German Term | English | What It Covers |
|---|---|---|
| Zutrittskontrolle | Physical Access Control | Who can physically enter the building or data center. |
| Zugangskontrolle | System Access Control | Authentication: who can log into systems. |
| Zugriffskontrolle | Data Access Control | Authorization: who can access which specific data. |
| Weitergabekontrolle | Transfer Control | Securing data during transmission, audit logs. |
| Eingabekontrolle | Input Control | Tracking who creates, modifies, or deletes data. |
| Auftragskontrolle | Processing Control | Ensuring processors follow controller instructions. |
| Verfügbarkeitskontrolle | Availability Control | Backups, disaster recovery, uptime guarantees. |
| Datentrennung | Data Separation | Keeping data collected for different purposes apart. |
Memory tip: The first three controls form a natural progression. First you enter the building, that's Zutrittskontrolle. Then you log into a system, that's Zugangskontrolle. Then you access specific data, that's Zugriffskontrolle. Physical access leads to system access leads to data access.