IScomply: the SaaS solution for the governance of GDPR compliance.
IScomply is a GRC (Governance, Risk and Compliance) platform delivered as SaaS (Software as a Service) that allows you to manage all the formalities required to achieve compliance with the GDPR. Through integration with a document system, the workflows defined by the Platform allow information to be collected, recorded and processed for the purpose of drafting, modifying, approving, signing and archiving all the documentation prepared under the GDPR. IScomply therefore manages the life cycle of documents prepared under the GDPR, including creation, compilation, sharing, subscription, transmission, storage, searching, access and viewing.
IScomply combines document and process management through workflow into a single solution. By bringing together the characteristics of the latest collaboration, smart working and user experience tools, it offers a solution:
- To comply with the accountability principle established by the GDPR;
- To manage the obligations in compliance with the principles of privacy by design and by default defined by the GDPR;
- It can be integrated with the main management and ERP systems;
- Scalable and adaptable to any organizational need;
- Configurable to manage any management system (ISO, SOX, etc);
- It can be integrated with other digitized processes;
- Accessible from any device, browser or operating system.
- Having a solution capable of centralizing all regulatory obligations.
- Organizing the management of compliance with the GDPR through guided procedures.
- Automatically filling in the documentation for the GDPR.
- Digitizing the evidence of the fulfilments.
- Centrally archiving the information and documentation created, in an easier and faster way.
- Having a system that allows you to monitor the progress of all open «cases».
- Having a system equipped with a precise search mechanism in order to easily and quickly retrieve all the information relating to the data processing activities, systems and parties involved in the processing operations.
- Making certain company functions responsible for regulatory compliance.
- Registration of personal data processing activities, through a process of approval.
- Implementation of the DPIA (Data Protection Impact Assessment).
- Creation of an inventory of the ICT systems involved in the personal data processing activities.
- Creation of an inventory of paper archives, prepared for the conservation of the processed data.
- Risk analysis on ICT systems and definition of suitable security measures to be adopted.
- Creation of the supplier database and their association with the personal data processing activities.
- Creation of customer details and their association with multiple personal data processing activities for which the Company acts as Data Processor or Sub-Processor.
- Creation of the Joint Data Controllers details and their association with multiple personal data processing activities.
- Creation of the Authorized data processing database.
- Creation of the System Administrators database.
- Collection of requests from data subjects.
- Data breach management.
How it works
Each process involves different corporate functions, depending on the role assigned in the compliance and governance area. The workflow assigns appropriate tasks to the users involved in order to:
- Collect and verify the necessary information.
- Verify and approve the operations carried out by colleagues or the documentation received from third parties, according to a hierarchical setting of the roles defined in IScomply.
- Prepare the necessary documentation through a process of compilation, verification, approval, sharing with third parties, reprocessing in PDF and digital signature.
- Guide each user in carrying out the activities that belong to them, according to the role assigned to them.
- Create a «file» relating to each person involved in the processing operations, which contains all the information and documents associated with him.
As a result of the Workflows, IScomply produces:
- Record of data processing activities, both where the Company acts as Data Controller and where it acts as Data Processor.
- Data Processing Agreements with Suppliers acting as Data Processors or Sub-Processors, also providing for the digital signature and centralized archiving of the documents.
- Data Processing Agreements with Customers acting as Data Controllers, also providing for the digital signature and centralized archiving of the documents.
- Data Processing Agreements with Partners acting as Joint Controllers, also providing for the digital signature and centralized archiving of the documents.
- Supplementary agreements on data processing, to supplement the agreements already signed with Customers and Suppliers.
- Appointments for those authorized to process data and for system administrators, with digital signature and centralized archiving of the documents.
- Data Breach Record and management of the communications to be provided to the competent Authority, to the Data Controllers and to the interested parties when required by current legislation.
- Formal answers to the requests of the data subjects, with consequent compilation of the register of requests.
Thanks to its flexibility, upon specific customer request, IScomply can be customized in relation to: