An error has occurred

You may want to try one of the following:

Close this dialog and continue to use this page.
Reload this page. Note that you will lose any unsaved changes.
If the above does not work, try reloading the page yourself. Note that you will lose any unsaved changes:
- With Firefox: hold down the shift key and click the Reload button in your browser toolbar.
- With Safari and Chrome: click the Reload button in your browser toolbar.
- With Internet Explorer: hold down the control key and click the Reload button in your browser toolbar.
Return home.

Reloading form

This form has to be reloaded. This most likely happened because your session has expired, which might take to the login page. (If you think that you shouldn't see this message and that the problem persists, please contact support.)

Application NameCOMPLIANCE Form NameCOMPLIANCE_APPLICATION_SUPPORT_INFORMATION_SECURITY Form TitleApplication Support Information Systems Form DescriptionThis is used to capture application Information systems.

Form Builder

Form Structure

Text Controls

Typed Controls

Date and Time

Selection Controls

Attachments

Buttons

Advanced

Permissions

Orbeon Forms PE Feature

Application Support Information Systems

Form Name

en | English |

It appears that you are using Internet Explorer or earlier. Form Builder is likely not working properly with this browser. We recommend you upgrade to Internet Explorer or newer, or use Google Chrome, Firefox, Safari, or Opera. If we made a mistake and you are not using Internet Explorer or earlier, please let us know.

Form Settings

Control Settings

Section/Grid Settings

Edit Choices

Confirm

Risk Information

Is this a GDPR Applicaiton

Status

Application NamePlease provide the name of the application used within Flex N Gate

Application VersionThe current version number of the application being used.

Hosted - Internal/ External Is this application Hosted internal or external

DescriptionPlease provide a description of this application.

PurposeWhat is the Purpose of this application?

Classification of Information Identify how sensitive your information is Public/Internal/Confidential/ Strictly Confidential

Source Is the source paper or electronic?

Application CategoryType of Application

2FA-Two Factor Authentication Identify if you have 2FA Enabled.

Submitted ByWho submitted this information?

Application AdminWho is in charge of the application maintenance?

Application OwnerWho is the business owner of this application?

Flex ContactWho do you contact with regards to questions or issues with the application?

Regions AffectedGLOBALARGENTINACANADACHINAENGLANDFRANCEGERMANYITALYMEXICOSPAINSPAIN-AEEUSAITALYWhat region does this affect?

Which regions would be affected by this applications failure or breach of data?Location (Facility) that use this application

Risk Information

Risk Analysis Has a risk analysis been performed? (YES, NO)

Risk Overall rating based on impact and likelihood (LOW, MED, HIGH)

Impact What impact would this applications failure or breach?

Likelihood What is the likelihood this application would fail or be breached? (LOW, MED, HIGH)

GDPR Applications - Step 1

License Required? Does use of the application require a license? (YES, NO)

Software Updates Installed Regularly Are the updates for this application installed regularly and on time? (YES, NO)

System Monitoring Unusual Activity Is the application consistently monitored for unusual activity? (YES, NO)

Target AvailabilityWhat is the targeted up-time of the application? (%)

Data Encrypted Is the software encrypted (YES, NO)

Data Backed UpIs the application data being backed up?

Users Affected Number of users affected by application failure/breach. (LOW, GDPR = <30, MEDIUM GDPR = 31 - 300, HIGH) GDPR = >300

Service Level Agreement Does the application have and require the acceptance of a service agreement? (YES, NO)

Comments

GDPR Applications - Step 2

Personal Data Does the application contain personal data? (YES, NO)

Data Quality - Integrity The measure of accuracy, completeness, consistency, and the overall validity of the data itself. (YES, NO)

Data Quality - Accuracy The proximity of the data to the exact or true values. (YES, NO)

Consistency Data is within an agreed format which conforms to recognized national and local standards (YES, NO)

Data Quality - Conformity Data is following the set of standard data definitions like data type, size and format. (YES, NO)

For what purpose are we storing this information?Data Quality – Purpose

Data Quality - Consistency Adherence to the concept that information is to be in the same format and structure throughout various environments. (YES, NO)

Data Quality - Illustration The final representation and use of data and its ability to meet the needs of the company. (YES, NO)

Data Quality - Precision The granularity of the data that is necessary for processing and producing quantifiable information that is valid, accurate, and complete. (YES, NO)

Data Quality - Timeliness How quickly data is created, updated and deleted. (ASAP, DELAYED, LATE)

Criticality Is this application critical? (NO, ADMINISTRATION SERVICE, BUSINESS OPERATIONAL)

Does the application contain special categories of personal data? [Special categories of personal data racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, trade union membership, physical or mental health or condition, sex life and sexual orientation, generic data and biometric dataSpecial Categories of Personal Data

Regional Controller

Data Quality - OrginWhere data come from, its overall history, how it was acquired, and other related factors.

Provide a list of what Personal Data is captured.List of Personal Data Stored (Standard)

Provide a list of what Personal Data is captured.ured.List of Personal Data Stored (At RISK)

In which country is the data stored?Country of Data Server

Data RecipientsCORPORATEITISENGINEERINGENVIRONMENTAL HEALTH & SAFETYFINANCEHRMAINTENANCEMANUFACTURINGMATERIALSPRODUCTIONPURCHASINGQUALITYSECURITYSALESSHIPPING/RECEIVINGTOOLINGWhich departments will have access to the application data?

Data Transfer Outside EU Is the data transferred outside of Europe? (YES, NO)

Breach Detection Technology Can the application detect a data breach? (YES, NO)

Security Measures in PlaceDoes the application have security measures in place to prevent data loss/breaches?

Privacy Notice Required Does the application require a Privacy Notice? (YES, NO)

Supplier Vendor Customer Consent Supplier/Customer approves storage of their personal information? (YES, NO)

CNIL Notification Does the application require CNIL to be notified in the event of a breach? (YES, NO)

Security Measures for this application

Comments

Logon Mechanism for Access

Comments

Policy and Procedures Has a policy and procedures been defined for the application? (YES, NO)

Policy and Procedure OwnerDepartment in charge/possession of the applications policy and procedures.

Building Security Requirements Does use of the application have building security requirements? (YES, NO)

Building Security Issues CommentsWhat building security requirements must be met for use of the application?	Contractor Agreement GDPRWas a contractor agreement signed relating to GDPR rules and regulations

Third Party GDPR Compliance If there is a third party involved, do they comply with GDPR? (Internal / External / Both))

Third Party Non Disclosure If there is a third party involved is there a non disclosure agreement? (YES, NO)

Third Party Contact InfoInformation of the third party (if any) related to supply and support of the application.

Employee GDPR Training Have the employees using the application received GDPR training? (YES, NO)

Supplier Signed ANNEX	Data ProcessorWho is processing the data?

Data Processor CommentsDPS Comments

GDPR - Applications - Step 3 - DPIA (Data Protection Impact Assessment)

Name of ControllerName of Controller for the region this software is used.

Step 1: Identify the need for a DPIAExplain broadly what project aims to achieve and what type of processing it involves. You may find it helpful to refer or link to other documents, such as a project proposal. Summarise why you identified the need for a DPIA.

Step 2: Describe the processingDescribe the nature of the processing: how will you collect, use, store and delete data? What is the source of the data? Will you be sharing data with anyone? You might find it useful to refer to a flow diagram or other way of describing data flows. What types of processing identified as likely high risk are involved?

What is the nature of the dataDescribe the scope of the processing: what is the nature of the data, and does it include special category or criminal offence data? How much data will you be collecting and using? How often? How long will you keep it? How many individuals are affected? What geographical area does it cover?

What is the Context of the processingDescribe the context of the processing: what is the nature of your relationship with the individuals? How much control will they have? Would they expect you to use their data in this way? Do they include children or other vulnerable groups? Are there prior concerns over this type of processing or security flaws? Is it novel in any way? What is the current state of technology in this area? Are there any current issues of public concern that you should factor in? Are you signed up to any approved code of conduct or certification scheme (once any have been approved)?

What is the purpose of processingDescribe the purposes of the processing: what do you want to achieve? What is the intended effect on individuals? What are the benefits of the processing – for you, and more broadly?

Step 3: Consultation processConsider how to consult with relevant stakeholders: describe when and how you will seek individuals’ views – or justify why it’s not appropriate to do so. Who else do you need to involve within your organisation? Do you need to ask your processors to assist? Do you plan to consult information security experts, or any other experts?

Step 4: Assess necessity and proportionalityDescribe compliance and proportionality measures, in particular: what is your lawful basis for processing? Does the processing actually achieve your purpose? Is there another way to achieve the same outcome? How will you prevent function creep? How will you ensure data quality and data minimisation? What information will you give individuals? How will you help to support their rights? What measures do you take to ensure processors comply? How do you safeguard any international transfers?

Step 5: Identify and access riskDescribe source of risk and nature of potential impact on individuals

6. Identify measures to reduce the riskIdentify additional measures you could take to reduce or elimate risks identified as medium or high risks

DPO CommentsComments from the DPO

Hidden Section

System Number

Internal Referece Number

Mark this checkbox if you'd like to type HTML tags Click to enter a label Type your label here Click to add a hint Type your hint here Click to enter text Type your text here Remove File

Click to enter a section title Type your section title

truee617ad8a8a80534b3943946ea5774d3da680b6d6

Source

Add Language

Attach a PDF template file

Publish Form

XML Schema Upload

HTTP Service Editor

Actions Editor

Database Service Editor

Confirm

Form Preview

Confirm

Found draft

Found drafts

Existing form data found

Form Submitted

Review Form Validation Messages

Unable to complete action

Confirmation