Technical and organisational measures (TOM)

Technical and organisational measures (TOM)

Information security, data protection and IT security: together unbeatable

Effective security solutions are based on a balanced interaction of technical and organisational measures (TOM). This is especially true for ensuring data protection and data security. It is therefore no coincidence that the EU General Data Protection Regulation (GDPR) explicitly calls for the implementation of appropriate technical and organisational measures in Article 32. As the new Swiss Data Protection Act (NFADP) is based on the GDPR and now provides for heavy fines for non-compliance with the minimum requirements for data security, the interaction of TOM takes on a whole new significance in this country.


TOM in brief

Technical measures are directly connected to the information system. Specialists in information security and IT security take care of these types of measures. They include, for example, aspects of physical security (access controls) and hardware (network security), aspects of workplace security (lock screen, antivirus programmes), access security (access management, role model) etc.

Organisational measures however concern the system environment. This means in particular the people who use it and the guidelines that are directed at these people: Keywords employee sensitisation and internal guidelines. These are of great importance because humans are still the number 1 security risk and wrong actions trigger about 80% of data protection incidents.

Important terms relating to TOM:

  • Data and information security
  • Data protection
  • IT security
  • Information systems
  • Risk management
  • Classification of information
  • Personnel measures
  • Physical protection
  • Identity and Access Management (IAM) systems


Objective of TOM: Ensuring data security during the whole data lifecycle. What does this mean?

In short: data must remain trustworthy, integer and often also available from the beginning to the end, i.e. from its feeding into the information system to its destruction and anonymisation. This is achieved by perfectly fitting the individual cogs of information security, data protection and IT security into one another. While information security guarantees the confidentiality, integrity and availability of data in general and IT security serves to protect electronic information or IT systems, data protection encompasses all measures that relate to personal data. This ensures that all criteria for the security and protection of data prescribed by law are met. TOM are therefore the must-have for legally compliant data protection solutions.


TOM: Advice and support from one source

For balanced cooperation between technology and organisation, it is best to contact Swiss Infosec AG. Where specialists in information security, data protection and IT security work together across disciplines under one roof. This way you have only one contact person for all technical and organisational security measures, namely us. This saves time, prevents coordination problems and guarantees a flawless interaction of the TOM.


Get in contact! We will be happy to advise you and answer any questions you may have.

Eugen Roesle

Eugen Roesle
Head of
Legal & Data Privacy Consulting



Non-binding enquiry


Of course 100% confidential, free and non-binding!