Quiz Entry - updated: 2026.07.14
Technical measures are only half the equation. What organizational measures and certifications demonstrate TOM compliance?
Organizational TOMs include physical security zones, 24/7 incident response, and employee training, validated through certifications like ISO 27001 and SOC reports.
Physical security measures:
- Data centers organized into security zones with progressively stricter access controls.
- The deeper you go into the facility, the more authentication steps are required.
Incident response:
- 24/7 monitoring and response teams ready to act on security events.
- Documented escalation procedures and communication plans.
Employee measures:
- Regular training programs on security awareness and data protection.
- Ongoing awareness campaigns to keep security top of mind.
Key certifications to know:
| Certification | What It Covers |
|---|---|
| ISO/IEC 27001 | Information security management systems. The gold standard for security governance. |
| ISO/IEC 27701 | Privacy information management. Extends 27001 specifically for data protection. |
| SOC 1, SOC 2, SOC 3 | Service Organization Controls. SOC 2 is the most common for cloud services, covering security, availability, and confidentiality. |
| C5 BSI | Cloud Computing Compliance Criteria Catalogue from Germany's Federal Office for Information Security. Important in the DACH region. |