LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Technical measures are only half the equation. What organizational measures and certifications demonstrate TOM compliance?

Organizational TOMs include physical security zones, 24/7 incident response, and employee training, validated through certifications like ISO 27001 and SOC reports.

Physical security measures:

  • Data centers organized into security zones with progressively stricter access controls.
  • The deeper you go into the facility, the more authentication steps are required.

Incident response:

  • 24/7 monitoring and response teams ready to act on security events.
  • Documented escalation procedures and communication plans.

Employee measures:

  • Regular training programs on security awareness and data protection.
  • Ongoing awareness campaigns to keep security top of mind.

Key certifications to know:

Certification What It Covers
ISO/IEC 27001 Information security management systems. The gold standard for security governance.
ISO/IEC 27701 Privacy information management. Extends 27001 specifically for data protection.
SOC 1, SOC 2, SOC 3 Service Organization Controls. SOC 2 is the most common for cloud services, covering security, availability, and confidentiality.
C5 BSI Cloud Computing Compliance Criteria Catalogue from Germany's Federal Office for Information Security. Important in the DACH region.

From Quiz: PRIVACY / TOM and OSINT | Updated: Jul 14, 2026