¶ Policy Recommendations
Generate a new SENTINEL Policy and get proposed recommendations
¶ Context
The main purpose of this section is to analyse your organisation profile as well as the information registered for each completed processing activity, and propose human-readable, enforceable and actionable recommendations. Taking into account the full list of proposed recommendations, this section drafts tailor-made optimization policies for your organisation regarding its technologies, tools and procedures. Proposed recommendations are grouped in two different groups:
¶ Global recommendations
The OTM recommendations below are better applied at the organisation level and not individually per personal data processing activity.
- Defining and enforcing a policy
- Assigning roles and responsibilities
- Enforcing an access control policy
- Securely managing assets
- Managing change
- Handling incidents
- Cybersecurity awareness, education and training
- Endpoint security – workstations
- Endpoint security – mobile devices
- Physical security
¶ PA-specific recommendations
These recommendations are related to individual Processing Activities, categorised in the following topics:
- Managing data processors for the GDPR
- Managing human resources
- Authentication and access control
- Logging and monitoring
- Server and database security
- Network security
- Backup policy
- Application lifecycle security
- Data disposal
Each recommendation comes with a brief description and its implementation status along with a list of proposed software tools and a list of relative and available training material.
¶ Procedure
Visit SENTINEL Policy Recommendations section
-
- Click on “Policy” / “Recommendations” on the main menu
-
- Click on “Request New Recommendations” button in order to generate a new SENTINEL Policy consisting of proposed recommendations
-
- Upon generating a SENTINEL Policy, this will be available till the next time you will generate a new one. The date and time of creation of the latest generated Policy is always visible and available on your screen.
Review your organisation’s assessments results
- Review your organisation’s assessment results, selecting the tab entitled as “Assessments”
- MISSING
Review SENTINEL recommendations
-
- Select the tab “Recommendations” in order to visit your organisation’s recommended security and privacy measures. These are grouped in two different categories “Global recommendation” and “Recommendations related to individual PD processing activities”
-
- Select a recommendation in order to get informed of its details (i.e. description, implementation status, proposed software tools, available training materials)
-
- Get informed of the proposed recommendation from its description, and review its implementation status in your organisation
Review list of recommended Software & Tools
-
- Check the list of proposed software and tools that you may use in order to successfully address the recommendation or cover specific aspects of it
Review list of available Training Materials
-
- Check the list of the available training materials that will help you to better understand, decide on actions to be taken, and/or address the proposed recommendation within your organisation
¶ Prerequisites
- (Required) Create Organisation Profile (hyperlink) in order to get global recommendations
- (Optional) Create new PA (link) for getting recommendations related to individual PD processing activities
- (Optional) Perform a GDPR-CSA-assessment in order to view its results
- (Optional) Perform a DPIA-assessment in order to view its results
- (Optional) Perform a CSRA-assessment in order to view its results
Previous topic:CSRA-assessment
Next topic: CyberRange