Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook
Academy home
Content update published to Cyberday

A couple of weeks ago we told you about a significantly updated Cyberday, where we introduced features like compliance framework management, cyber security tasks and taskbook for key persons and security guidelines for the whole personnel.

Now we've also released an update to the templates on the documentation side. The goal was to streamline documentation, highlight the most important things and significantly reduce the amount of separately documented items. Interpretations of e.g. required GDPR documentation have gradually become more accurate, and we've been able to utilize this information during this update.

Here's a short summary of the update. This doesn't require any action from our current customers and all old content is available normally.

Information materials help document data categories

Information material connects databanks (e.g. registers) and data systems together. Its goal is to make documenting data categories clearer and reduce the amount of double data. Data categories are now only documentend once - in the data card of information materials.

Information materials means a piece of data that is utilized for one specified task. A databank (e.g. customer register) can comprise of multiple information materials and these materials can be processed using multiple data system (or even manually).

Data categories are defined only once - in connection with information materials

It is usually enough to describe the data in an information material using category-level documentation. After this the material is linked to a processing purpose or data system.

Less separate items to document

Most of documentation in Cyberday is now handled through three main elements, i.e. databanks, information materials and data systems. We've also removed some separate documentation lists, so that the user can focus his attention on the most essential things.

When a data system is on your own maintenance, you need to document logs and backups

E.g. access rights and backups are treated in connection with data systems, when necessary. Also other things which previously where documented in connection with processing purposes separately (e.g. automated decisions, data transfer) are now on the databank-level, so they need to be documented only once.

Chosen framework affects the presented documentation and questions directly. Smaller framework -> less things to document.

Other changes

Personal data registers renamed to Databanks

All databanks do not include personal data. Thus we have started using the databank-term, which is used on many legislations too. When a databank includes personal data, it can be referred to as a personal data register.

Integrations are now Interfaces

Data systems are not always connected to each other via technical interfaces, but data can be exported as printout or exported files and transferred manually to other systems.

Describing of these interfaces is essential e.g. for companies obeying the ISO27001-framework.

Need help with updated content?

We're happy to help and give a short intro to the updates.

Book a meeting with our team >>


Share article