[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8e0TS2xja2FXDIkI19TWVW45apo0Rq9jsGzA12KX5qs":3},{"sections":4,"resultAnalysis":887,"id":888,"version":889,"newVersion":22,"label":890,"isPinned":22,"isShared":56,"sharingToken":891,"isRevision":22,"isBlockAnalysisShared":22,"nbReferences":325,"referenceId":9,"nbResponses":11,"parentId":9,"revisionDescription":9,"logoUrl":892,"description":893,"scheduleIntervalDays":9,"versionNumber":30,"dateCreation":894,"dateUpdate":895,"dateArchived":9,"archived":22,"type":896,"typeIndex":46,"typeColor":9,"typeIcon":9,"typeText":897,"creator":9,"objectType":898,"objectTypeIndex":11,"objectTypeColor":55,"objectTypeIcon":899,"objectTypeText":900,"defaultOwners":901,"tags":910,"privacyHubs":9,"nbQuestions":920,"nbQuestionsRequired":921,"nbDatas":11,"deadLineDays":9},[5,245,295,388,452,609,723,775],{"id":6,"slug":7,"label":8,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":13,"questions":14,"sections":244},"9f06b73e-1556-4c3a-9814-8a96922b5b5b","gdpr-privacy-policy","GDPR Compliance Policy",null,"Default",0,"SectionType_Default","\u003Cp>Section on the subcontractor's GDPR compliance policy.\u003C/p>\u003Cp>\u003C/p>",[15,57,81,96,112,124,140,154,169,181,197,209,225],{"id":16,"slug":17,"label":18,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":23,"displayConditions":9,"answers":24,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"9f4649a8-0ef3-4828-ad8a-453b8016e08a","is-there-a-contract-between-the-data-controller-and-the-processor","Is there a contract between the Data Controller and the processor?","Radio",7,"Unique choice list",false,[],[25,41],{"id":26,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":34},"67abf9e1-6ab0-4d24-9394-272874170eff","Yes",2,"VeryLow",1,"var(--bs-success)","Negligible","Remote",[35],{"id":36,"label":37,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"f70e3126-4748-47d8-ad38-cb1926b9a01d","Upload the contract evidence in the platform","","Medium","#ffc107",{"id":42,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":44,"impactIndex":28,"impactColor":45,"impactIcon":9,"impactText":44,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":49},"d96c60d1-9843-486e-9f3f-13211add2ef0","No","Low","var(--bs-info)",3,"var(--bs-warning)","Possible",[50],{"id":51,"label":52,"userId":9,"color":9,"description":53,"priority":54,"priorityIndex":30,"priorityColor":55,"priorityIcon":9,"priorityText":54},"623c3975-59b4-46bb-9880-7ea5ecf72005","Ask the subcontractor for an GDPR-compliant contract","\u003Cp>The contract must include GDPR-compliant clauses specifying the data controller / data processor relationship and responsibilities.\u003C/p>","High","#DC3545",true,{"id":58,"slug":59,"label":60,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":61,"displayConditions":62,"answers":70,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"dd2e9c31-71a7-4318-8c3b-1028c30a961e","does-the-contract-contain-clauses-defining-the-subcontractors-responsibilities-that-comply-with-the-rgpd","Does the contract contain clauses defining the subcontractor's responsibilities that comply with the GDPR?",[],{"id":63,"separator":64,"field":9,"operator":65,"value":9,"rules":66},"73d77d35-b81f-4bee-b25b-70ab0fad184b","And","equal",[67],{"id":68,"separator":9,"field":16,"operator":65,"value":26,"rules":69},"810b14a7-2bf6-400a-b590-99365c999e43",[],[71,74],{"id":72,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":73},"ba222d5d-5961-4922-b8d2-fa37e1c22290",[],{"id":75,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":76},"fddc2c1a-c47b-40fa-9407-15f3379bb518",[77],{"id":78,"label":79,"userId":9,"color":9,"description":80,"priority":54,"priorityIndex":30,"priorityColor":55,"priorityIcon":9,"priorityText":54},"079f5991-23e6-4c36-b6e6-b357ccbf24d8","Ask the subcontractor to draw up a contractual amendment","\u003Cp>The contractual amendment must include GDPR-compliant clauses specifying the relationship and data controller / data processor responsibilities.\u003C/p>",{"id":82,"slug":83,"label":84,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":46,"regex":9,"unit":9,"type":85,"typeIndex":86,"typeColor":9,"typeIcon":9,"typeText":87,"dynamicSelectType":9,"editableOptions":22,"complianceRules":88,"displayConditions":89,"answers":95,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"7b7d2310-92e3-4239-a387-995d4254d0a9","please-download-the-contract-andor-the-addendum","Please download the contract and/or the addendum.","Attachments",12,"Files (attachments drop)",[],{"id":90,"separator":64,"field":9,"operator":65,"value":9,"rules":91},"ae265289-1645-4332-af07-0b566c51c4d0",[92],{"id":93,"separator":9,"field":16,"operator":65,"value":26,"rules":94},"3cc0b508-10cd-4594-bfb4-92300442a28a",[],[],{"id":97,"slug":98,"label":99,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":100,"displayConditions":9,"answers":101,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"387b2181-d74c-4ec2-b0f5-ec268dbf17b9","has-the-processor-formalised-a-privacy-policy","Has the processor formalised a Privacy Policy?",[],[102,105],{"id":103,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":104},"767f5b49-8876-4bf5-b63c-f2490771c902",[],{"id":106,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":107},"a35cec2f-826a-4f58-8112-2fbe14d16244",[108],{"id":109,"label":110,"userId":9,"color":9,"description":38,"priority":44,"priorityIndex":46,"priorityColor":111,"priorityIcon":9,"priorityText":44},"043f14a3-2d64-4490-8823-7ade6a1e4990","Encourage the subcontractor to draw up its privacy policy.","#1E8EE1",{"id":113,"slug":114,"label":115,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":85,"typeIndex":86,"typeColor":9,"typeIcon":9,"typeText":87,"dynamicSelectType":9,"editableOptions":22,"complianceRules":116,"displayConditions":117,"answers":123,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"a7f6aeab-db16-41ba-b2fc-8d1721c6a1d7","merci-de-telecharger-la-politique-de-confidentialite","Please download the privacy policy",[],{"id":118,"separator":64,"field":9,"operator":65,"value":9,"rules":119},"7b199124-2a3e-479b-be4e-32200d2f275b",[120],{"id":121,"separator":9,"field":97,"operator":65,"value":103,"rules":122},"329f8808-e8ca-46d4-b9a3-4dbcb589e851",[],[],{"id":125,"slug":126,"label":127,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":128,"displayConditions":9,"answers":129,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"d3fa2b62-7887-4f79-ab8a-85c8c6f6f104","has-the-subcontractor-appointed-a-dpo","Has the processor appointed a DPO?",[],[130,134],{"id":131,"color":9,"rangeValue":9,"label":132,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":133},"46279a7c-6a17-4902-86bf-4a2a4dd92f2e","yes",[],{"id":135,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":136},"db1bc681-49e9-4113-8e5a-e01f72203ead",[137],{"id":138,"label":139,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"3002ff0a-6372-49d1-a373-26215c6e8977","Recommend the appointment of a DPO",{"id":141,"slug":142,"label":143,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":11,"max":9,"regex":9,"unit":9,"type":144,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":145,"dynamicSelectType":9,"editableOptions":22,"complianceRules":146,"displayConditions":147,"answers":153,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"614edd6e-c8cf-437f-be82-c770c4e05e35","please-indicate-dpo-details-name-first-name-telephone-number-email-address","Please indicate DPO details (name, first name, telephone number, email address)","LongText","Long text",[],{"id":148,"separator":64,"field":9,"operator":65,"value":9,"rules":149},"546fb1ea-7bff-4cd6-b894-f39867631a18",[150],{"id":151,"separator":9,"field":125,"operator":65,"value":131,"rules":152},"2c267c30-c826-4b55-b1db-b468628608b6",[],[],{"id":155,"slug":156,"label":157,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":158,"displayConditions":9,"answers":159,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"b1eda752-207d-466b-a5c8-fe6f854b7696","has-the-processor-appointed-an-chief-information-security-officer-ciso","Has the processor appointed an Chief Information Security Officer (CISO)?",[],[160,163],{"id":161,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":162},"82632490-6ecf-4269-9ceb-7ca6fc52feb0",[],{"id":164,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":165},"ed9a66e3-958a-4915-8b19-80b0393a3b38",[166],{"id":167,"label":168,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"cf773347-d298-4f5c-b4d2-cbc5b0614170","Recommend the appointment of a CISO",{"id":170,"slug":171,"label":172,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":144,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":145,"dynamicSelectType":9,"editableOptions":22,"complianceRules":173,"displayConditions":174,"answers":180,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"dae495b5-6a9a-4530-b6e1-9a971d0e7ea5","please-indicate-ciso-details-name-first-name-telephone-number-email-address","Please indicate CISO details (name, first name, telephone number, email address)",[],{"id":175,"separator":64,"field":9,"operator":65,"value":9,"rules":176},"5ac26f06-869c-4cfb-8323-b3aa5c796aa2",[177],{"id":178,"separator":9,"field":155,"operator":65,"value":161,"rules":179},"a2cdbe23-db31-4d07-ad23-e59e065599f3",[],[],{"id":182,"slug":183,"label":184,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":185,"displayConditions":9,"answers":186,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"807b7a35-6883-47f6-8a6c-f82679a42e70","does-the-processor-keep-a-record-of-processing-activities-for-the-services-entrusted-to-it-by-the-controller","Does the processor keep a record of processing activities for the services entrusted to it by the controller?",[],[187,190],{"id":188,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":189},"53b6b1a3-b695-4277-813a-21eacbff99cb",[],{"id":191,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":192},"6be4bcf1-8938-48a2-b0a1-d076d080d3f2",[193],{"id":194,"label":195,"userId":9,"color":9,"description":196,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"569d70b5-f727-4c6d-af57-15b0ec6a7323","Exiger que le sous-traitant tienne à jour son registre","\u003Cp>La tenue du registre de traitement est une obligation pour un sous-traitant\u003C/p>",{"id":198,"slug":199,"label":200,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":201,"displayConditions":9,"answers":202,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"c33563dc-8445-4b52-966d-6f52daeff679","has-the-processor-already-carried-out-a-compliance-audit-of-the-personal-data-used-in-connection-with-the-services-entrusted-to-it-by-the-controller","Has the processor already carried out a compliance audit of the personal data used in connection with the services entrusted to it by the controller?",[],[203,206],{"id":204,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":205},"c0a1e1ca-3f07-4bf3-b7aa-3f2553857831",[],{"id":207,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":208},"8ff21edd-3700-48a1-9e4d-82241a85db5e",[],{"id":210,"slug":211,"label":212,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":213,"displayConditions":9,"answers":214,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"0500d9f6-5122-4245-8f80-0e91ca9a7bba","has-a-risk-analysis-privacy-impact-assessment-as-defined-in-the-gdpr-been-carried-out-on-the-services-entrusted-from-the-point-of-view-of-the-protection-of-personal-data","Has a risk analysis (privacy impact assessment as defined in the GDPR) been carried out on the services entrusted from the point of view of the protection of personal data?",[],[215,222],{"id":216,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":217},"df794dd2-7aa5-4fd4-912a-c35fdb46648c",[218],{"id":219,"label":220,"userId":9,"color":9,"description":221,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"8086f64a-5861-4f7f-a86c-5ef35f05d824","Ask the subcontractor for the results","\u003Cp>In particular, the security measures put in place\u003C/p>",{"id":223,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":224},"27a44815-8baf-4357-a53a-0a06742bd2f2",[],{"id":226,"slug":227,"label":228,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":229,"displayConditions":9,"answers":230,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"b8dc7940-c297-4188-a2cc-2cf1b42640db","has-the-processor-defined-and-formalised-data-protection-procedures-exercise-of-personal-rights-data-breaches-privacy-by-design-default-etc","Has the processor defined and formalised data protection procedures (exercise of data subject rights, data breach, privacy by design / default, etc.)?",[],[231,237],{"id":232,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":233},"81fd91fd-9930-492e-8245-6bdc3987c9ea",[234],{"id":235,"label":236,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"963a8c1f-6e9e-40de-b5a9-fd9199f8c5d3","Collect procedures",{"id":238,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":239},"92103379-a759-44a1-b63f-959cbfa39729",[240],{"id":241,"label":242,"userId":9,"color":9,"description":243,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"6b6062da-f0b7-4f98-9603-9aeca480336e","Ask subcontractors to draw up these procedures","\u003Cp>Drafting these procedures will make it possible to check how the processor will be able to meet its obligations in the event of a data breach or the exercise of rights.\u003C/p>",[],{"id":246,"slug":247,"label":248,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":249,"questions":250,"sections":294},"ee06b7f8-fc04-49c9-a4fc-05d5d33fb3ec","human-ressources","Human resources","\u003Cp>Section relating to human resources measures\u003C/p>",[251,267,282],{"id":252,"slug":253,"label":254,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":255,"displayConditions":9,"answers":256,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"c47d9df5-7407-4001-8688-ce24edc9c754","has-the-processor-defined-and-implemented-a-plan-to-raise-awareness-of-the-gdpr-among-employees","Has the processor defined and implemented a plan to raise awareness of the GDPR among employees?",[],[257,260],{"id":258,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":259},"f5a5d42f-dd45-4f45-b2d3-5d53b5d322bb",[],{"id":261,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":262},"b77bc76e-9833-49ce-a622-337f87bd9372",[263],{"id":264,"label":265,"userId":9,"color":9,"description":266,"priority":54,"priorityIndex":30,"priorityColor":55,"priorityIcon":9,"priorityText":54},"a490df77-c188-414f-8c59-d7d27c80e078","Requiring the processor to increase the awareness of its employees","\u003Cp>Obligation of the processor persuant to article 28 GDPR\u003C/p>",{"id":268,"slug":269,"label":270,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":271,"displayConditions":9,"answers":272,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"350bb280-02ba-48b3-9cb0-f8b4db0ac0eb","has-the-processor-made-its-employees-who-have-access-to-the-data-entrusted-to-it-by-its-clients-sign-a-confidentiality-agreement-possibly-in-the-employment-contract","Has the processor made its employees who have access to the data entrusted to it by its clients sign a confidentiality agreement, possibly in the employment contract?",[],[273,276],{"id":274,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":275},"2a6a6289-b958-4d8d-ba9a-2cc792c30c6b",[],{"id":277,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":278},"d577db8a-c930-4cd5-83d1-3746a03198f5",[279],{"id":280,"label":281,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"c847deda-e1d2-4ce6-a826-5986d6983848","Require the signing of a confidentiality agreement",{"id":283,"slug":284,"label":285,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":286,"displayConditions":9,"answers":287,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"752593bc-6c3c-4f0f-83c3-43e0988319ef","has-the-subcontractor-drawn-up-a-charter-for-the-use-of-it-resources","Has the subcontractor drawn up a charter for the use of IT resources?",[],[288,291],{"id":289,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":290},"e22a966a-cda9-4090-9042-ed23242a0a58",[],{"id":292,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":293},"60f0fade-e6e8-4c7c-9846-51d15d40d210",[],[],{"id":296,"slug":297,"label":298,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":299,"questions":300,"sections":387},"f78db345-6876-43b0-becb-a1d7fed07af1","physical-access-control-to-office-areas-","Physical access control to premises","\u003Cp>Section on access to the subcontractor's premises, facilities and IT systems.\u003C/p>",[301,320,355,367],{"id":302,"slug":303,"label":304,"tooltipHtml":305,"descriptionHtml":306,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":307,"displayConditions":9,"answers":308,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"08756d39-8dfa-480e-bae6-8e814f42c6d3","has-the-subcontractor-taken-appropriate-state-of-the-art-technical-and-organisational-measures-to-control-access-to-its-premises","Has the subcontractor taken appropriate state-of-the-art technical and organisational measures to control access to its premises?","\u003Cp>\u003Cstrong>\u003Cem>Example: \u003C/em>\u003C/strong>\u003Cem>access control system (ID reader, magnetic card, smart card), key (issuing), door locks (electric door openers, etc.), security staff, guards, surveillance installations (alarm system, video / CCTV), access connection to the data centre, regular review of permanent access authorisations, etc.\u003C/em>\u003C/p>","\u003Cp>\u003C/p>",[],[309,312],{"id":310,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":311},"0820a6b8-19ba-40d4-b06b-bec049e056ea",[],{"id":313,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":316},"68cdc688-d984-4ea8-9416-65e8a40d2068",4,"var(--bs-primary)",[317],{"id":318,"label":319,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"bf24e47d-2d04-44dd-ab56-136a0723df9d","Require the subcontractor to put in place provisions",{"id":321,"slug":322,"label":323,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":324,"typeIndex":325,"typeColor":9,"typeIcon":9,"typeText":326,"dynamicSelectType":9,"editableOptions":22,"complianceRules":327,"displayConditions":9,"answers":328,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"547753ad-88d7-4cb4-871e-c7e65f00317e","select-the-measures-taken-to-control-access-to-the-premises","Select the measures taken to control access to the premises","Checkbox",8,"Multi choice list",[],[329,336,343,347,351],{"id":330,"color":9,"rangeValue":9,"label":331,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":44,"impactIndex":28,"impactColor":45,"impactIcon":9,"impactText":44,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":332},"eb80d0bb-a45e-4061-a5a5-5807e30621a8","Doors closed at all entrances (e.g. electronic locks; physical locks; etc.) ",[333],{"id":334,"label":335,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"d02137e8-87e9-48f6-b8a8-e65b02bbb46a","Set up access control with locks",{"id":337,"color":9,"rangeValue":9,"label":338,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":339},"67491518-7985-4c4d-b600-583915788b87","Presence of security personnel (e.g. security at the entrance desk)",[340],{"id":341,"label":342,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"2f272b86-4e1b-4a12-9543-69984aadac7e","Set up a visitor control system",{"id":344,"color":9,"rangeValue":9,"label":345,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":346},"d84d74e2-a8bd-4565-b6eb-60a5bd3286e7","Access control systems (e.g. biometric security; secure access cards; etc.)",[],{"id":348,"color":9,"rangeValue":9,"label":349,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":350},"9b8a1244-794c-4122-9156-00750d013b54","CCTV systems (Video surveillance)",[],{"id":352,"color":9,"rangeValue":9,"label":353,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":354},"0d9938f7-48ee-4577-9e58-16c5eddf1c1b","Security alarm systems",[],{"id":356,"slug":357,"label":358,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":359,"displayConditions":9,"answers":360,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"e18fe4ed-2a43-4b82-92e5-5ccffd76aa45","has-the-processor-taken-appropriate-state-of-the-art-technical-and-organisational-measures-to-control-access-to-the-facilities-where-personal-data-are-processed-in-particular-to-verify-authorisation","Has the processor taken appropriate state-of-the-art technical and organisational measures to control access to the facilities where personal data are processed, in particular to verify authorisation?",[],[361,364],{"id":362,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":363},"8dac5c3d-a23f-4736-962c-b9880989256a",[],{"id":365,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":366},"5e650d5f-6984-46ff-8d73-083118ac81a9",[],{"id":368,"slug":369,"label":370,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":324,"typeIndex":325,"typeColor":9,"typeIcon":9,"typeText":326,"dynamicSelectType":9,"editableOptions":22,"complianceRules":371,"displayConditions":9,"answers":372,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"b5bf7705-eb7b-4b54-b367-6a8d2cf825a8","select-the-measures-taken-to-control-access-to-the-facilities-where-personal-data-are-processed-in-particular-to-verify-authorization","Select the measures taken to control access to the facilities where personal data are processed, in particular to verify authorization",[],[373,376,380,383],{"id":374,"color":9,"rangeValue":9,"label":331,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":375},"d4b0f3d5-efa6-4970-bb38-31459582f4d8",[],{"id":377,"color":9,"rangeValue":9,"label":378,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":379},"a518e92f-a0a2-408a-90c8-a30eb05de63b","Access control systems (e.g. secure access cards; digicode; speaker registration book; etc.)",[],{"id":381,"color":9,"rangeValue":9,"label":349,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":382},"2d20a236-9baf-44bf-81e4-af762befee11",[],{"id":384,"color":9,"rangeValue":9,"label":385,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":386},"f6f60aba-305b-4713-bff5-57b3f7cf5365","Systematic presence of a member of the IT department during an intervention on the IT premises",[],[],{"id":389,"slug":390,"label":391,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":392,"questions":393,"sections":451},"ddd36f02-a417-4ec3-b1a9-dd730f7300f3","logical-access-control-to-it-systems","Logical access control to IT systems","\u003Cp>Section on the logical security of IT systems\u003C/p>",[394,409],{"id":395,"slug":396,"label":397,"tooltipHtml":398,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":399,"displayConditions":9,"answers":400,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"8825bafe-3622-4a62-99fe-d1c3376ca78e","has-the-subcontractor-taken-the-technical-and-organisational-measures-for-user-identification-and-authentication-to-limit-access-to-it-systems-to-only-those-persons-concerned-by-the-use-of-personal-data-for-the-service-entrusted","Has the subcontractor taken the technical and organisational measures for user identification and authentication to limit access to IT systems to only those persons concerned by the use of personal data for the service entrusted?","\u003Cp>Examples: password procedures (including special characters, minimum length, regular password change), automatic locking (e.g. password or shutdown), creation of a master folder per user, encryption of data carriers\u003C/p>",[],[401,404],{"id":402,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":403},"d99eae5b-f0ae-4807-baf0-5025bff850b2",[],{"id":405,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":406},"b56d586f-be02-41ee-ba30-29e37038b4f9",[407],{"id":408,"label":319,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"cfde12b9-d6d4-4796-b28f-bf9501136e19",{"id":410,"slug":411,"label":412,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":324,"typeIndex":325,"typeColor":9,"typeIcon":9,"typeText":326,"dynamicSelectType":9,"editableOptions":22,"complianceRules":413,"displayConditions":9,"answers":414,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"d45c72e7-3264-478d-899e-3764d48265a1","select-identification-and-authentication-measures","Select identification and authentication measures",[],[415,419,423,427,431,435,439,443,447],{"id":416,"color":9,"rangeValue":9,"label":417,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":418},"e91fba4e-f4d6-47e4-883d-44b4f6819c02","IT security systems requiring individual users to log in with a unique username",[],{"id":420,"color":9,"rangeValue":9,"label":421,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":422},"61cfa531-47ec-4cc6-9832-e565c241c22f","Computer security systems requiring the use of strong passwords (e.g. minimum 8 characters with use of 3 of the 4 character types)",[],{"id":424,"color":9,"rangeValue":9,"label":425,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":426},"89931fec-eb95-4576-b146-7cb20d4fa63b","Computer security systems requiring the use of multi-factor authentication",[],{"id":428,"color":9,"rangeValue":9,"label":429,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":430},"ef3f1356-e61a-4013-98cb-af8d19eda022","Mandatory password change at fixed intervals (e.g. every six (6) months)",[],{"id":432,"color":9,"rangeValue":9,"label":433,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":434},"799575fe-311f-4fb3-ae0e-a26933fe156d","Automatic locking of computer terminals and devices after a period of non-use, with a password required to \"turn on\" the terminal or device ",[],{"id":436,"color":9,"rangeValue":9,"label":437,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":438},"20dd76f2-0ae2-4c59-a49d-0e1f8a2e8123","Powerful encryption/hashing of password databases (e.g. use of Keepass on all workstations)",[],{"id":440,"color":9,"rangeValue":9,"label":441,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":442},"453f9ccb-b359-4229-a276-136321733559","Use of very restrictive passwords for privileged accounts (e.g. minimum 12 characters with use of 3 of the 4 character types)",[],{"id":444,"color":9,"rangeValue":9,"label":445,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":446},"b67f40f0-dfc9-4e2e-9c40-fce512c27a4f","Implementation of user profiles with principle of least privilege managed in the Active Directory",[],{"id":448,"color":9,"rangeValue":9,"label":449,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":450},"1b0c7e98-ea25-44d5-a42d-aee02bc154f2","Management of rights and profiles in external software",[],[],{"id":453,"slug":454,"label":455,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":456,"questions":457,"sections":608},"ba5a8366-77f4-42a0-8846-0bc6eb6ba456","hosting-and-storage-of-personal-data","Hosting and storage of personal data","\u003Cp>Section relating to the hosting and storage of personal data by the processor.\u003C/p>",[458,472,484,502,518,531,545,563,590],{"id":459,"slug":460,"label":461,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":462,"displayConditions":9,"answers":463,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"37e7a7bd-c05d-4aeb-a772-ddea327d59a6","where-are-the-data-entrusted-by-the-data-controller-hosted","Where are the data entrusted by the data controller hosted?",[],[464,468],{"id":465,"color":9,"rangeValue":9,"label":466,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":467},"3ad18ddd-3110-4a32-acca-3c3fc3efed1b","On internal servers",[],{"id":469,"color":9,"rangeValue":9,"label":470,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":471},"dcf84fa8-40bb-4fa2-8323-16d37c931475","At a hosting provider",[],{"id":473,"slug":474,"label":475,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":144,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":145,"dynamicSelectType":9,"editableOptions":22,"complianceRules":476,"displayConditions":477,"answers":483,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"2e39cca7-4a41-4099-8db4-9104323c3312","identify-the-hosts-where-the-data-entrusted-by-the-data-controller-is-stored","Identify the host(s) where the data entrusted by the data controller is stored",[],{"id":478,"separator":64,"field":9,"operator":65,"value":9,"rules":479},"87fda68d-4db6-411f-a6f8-36d43136161f",[480],{"id":481,"separator":9,"field":459,"operator":65,"value":469,"rules":482},"d93a0795-df35-40ff-8cb2-d9870942390b",[],[],{"id":485,"slug":486,"label":487,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":488,"displayConditions":489,"answers":495,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"d2cf80e5-4745-4682-9403-35ceaad84e41","are-the-hosting-providers-iso-27001-certified","Are the hosting provider(s) ISO 27001 certified?",[],{"id":490,"separator":64,"field":9,"operator":65,"value":9,"rules":491},"05a92d45-4b29-46fa-97a4-3084b1748598",[492],{"id":493,"separator":9,"field":459,"operator":65,"value":469,"rules":494},"0e775213-fc21-41d4-888f-5f8a107c3e8d",[],[496,499],{"id":497,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":498},"981e6ffb-34f4-411a-b6c0-55b548d28f73",[],{"id":500,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":501},"899821fa-b199-455f-94c5-a0095a3df4cc",[],{"id":503,"slug":504,"label":505,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":506,"displayConditions":9,"answers":507,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"7dda791a-60f6-443b-ab9c-98d33259a93b","is-the-processor-iso-27001-certified","Is the processor ISO 27001 certified?",[],[508,511,514],{"id":509,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":510},"0d3ddfb5-846d-4376-a501-f69897a9f9ae",[],{"id":512,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":513},"99c2ef29-68d9-472b-9a7e-d6811336884c",[],{"id":515,"color":9,"rangeValue":9,"label":516,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":517},"75fecf41-c2c5-44c7-b280-ca3d64a23466","Ongoing",[],{"id":519,"slug":520,"label":521,"tooltipHtml":9,"descriptionHtml":522,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":523,"displayConditions":9,"answers":524,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"88199549-2993-47a1-8d69-4d73ab2b8b5b","has-the-processor-defined-and-implemented-an-internal-data-retention-policy-that-complies-with-the-requirements-of-the-rgpd","Has the processor defined and implemented an internal data retention policy that complies with the requirements of the GDPR?","\u003Cp>E.g. retention and disposal policy.\u003C/p>",[],[525,528],{"id":526,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":527},"700420e0-4871-45c6-81fc-cbd47bb51c3e",[],{"id":529,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":530},"5e6ac164-fd76-4814-9633-43d8c5a44984",[],{"id":532,"slug":533,"label":534,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":535,"displayConditions":9,"answers":536,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"0776d7ee-d54e-4875-9cde-916e32990e39","does-the-processor-delete-or-return-personal-data-in-accordance-with-the-documented-instructions-received-from-the-controller","Does the processor delete or return personal data in accordance with the documented instructions received from the controller?",[],[537,540],{"id":538,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":539},"e11706f3-c1a4-48e0-bb74-ca8f91e97d09",[],{"id":541,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":542},"5b6a5c71-474a-4aae-bdcb-4c2645c7bddd",[543],{"id":544,"label":319,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"83d42b47-8ba2-459c-8a00-667c7dff3b27",{"id":546,"slug":547,"label":548,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":549,"displayConditions":9,"answers":550,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"47d082ca-efeb-4928-8ac0-c156b25ffeff","unless-expressly-authorised-in-the-contract-is-the-data-entrusted-by-the-customer-to-the-processor-for-processing-hosted-and-used-within-the-eueea-or-in-an-appropriate-country","Unless expressly authorised in the contract, is the data entrusted by the Customer to the processor for processing hosted and used within the EU/EEA or in an appropriate country?",[],[551,557],{"id":552,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":553},"98190edd-4822-4473-a28f-20a022c4a37f",[554],{"id":555,"label":556,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"6147397c-3d4e-4fdd-8de4-3341d7dd1015","Identify the hosting provider",{"id":558,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":559},"21dae29a-f798-4411-a475-f1e4cc46ad31",[560],{"id":561,"label":562,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"7561ef84-4f02-4590-accf-0f312b15cabf","Prohibiting transfers outside the EU/EEA",{"id":564,"slug":565,"label":566,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":567,"displayConditions":568,"answers":574,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"4d49bd6a-99cd-4220-8c99-c7b62cf1fb3b","how-are-transfers-of-data-outside-the-eueea-or-to-an-unsuitable-country-regulated","How is it permitted to transfer personal data to countries outside the EU/EEA  or to an unsuitable country?",[],{"id":569,"separator":64,"field":9,"operator":65,"value":9,"rules":570},"bf7e583f-8742-4301-a3fa-5c6dbb232a67",[571],{"id":572,"separator":9,"field":546,"operator":65,"value":558,"rules":573},"e62de3ed-8f13-487d-ab5a-e306124ece24",[],[575,579,583],{"id":576,"color":9,"rangeValue":9,"label":577,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":578},"2761d035-1108-41f2-9bc6-da1abef274df","Standard contractual clauses (SCC)",[],{"id":580,"color":9,"rangeValue":9,"label":581,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":582},"0ab31604-91e5-494c-bef5-2fd6adaa115b","Binding Corporate Rules (BCR) ",[],{"id":584,"color":9,"rangeValue":9,"label":585,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":54,"probabilityIndex":314,"probabilityColor":315,"probabilityIcon":9,"probabilityText":586,"taskSuggestions":587},"ed2ce034-2d5f-49f7-b78a-12c738f0e42e","No specific conditions","Likely",[588],{"id":589,"label":319,"userId":9,"color":9,"description":38,"priority":54,"priorityIndex":30,"priorityColor":55,"priorityIcon":9,"priorityText":54},"4431d647-fb3b-4767-8f2c-dd1c38f0bf3a",{"id":591,"slug":592,"label":593,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":324,"typeIndex":325,"typeColor":9,"typeIcon":9,"typeText":326,"dynamicSelectType":9,"editableOptions":22,"complianceRules":594,"displayConditions":9,"answers":595,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"0c2e0241-338f-464b-a9e4-98233b377243","what-measures-are-in-place-to-protect-it-infrastructures","What measures are in place to protect IT infrastructures?",[],[596,600,604],{"id":597,"color":9,"rangeValue":9,"label":598,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":599},"4fae62fd-35b7-4189-9294-4397e4dce333","Redundant network equipment",[],{"id":601,"color":9,"rangeValue":9,"label":602,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":603},"3dbd5631-78bd-4a50-98d8-83013c9eba01","Redundant firewalls",[],{"id":605,"color":9,"rangeValue":9,"label":606,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":607},"e2776a59-4527-4b48-afae-93eff8a6a0fb","Outsourced SOC",[],[],{"id":610,"slug":611,"label":612,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":613,"questions":614,"sections":722},"0c069194-24a5-4d5d-894f-d4a92e4aa1e0","data-security","Data security","\u003Cp>Section on data security\u003C/p>",[615,632,650,684,698,710],{"id":616,"slug":617,"label":618,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":619,"displayConditions":9,"answers":620,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"cd985b6a-590d-4fb0-95ad-9245d8241f78","has-the-subcontractor-set-up-a-security-incident-management-procedure","Has the subcontractor set up a security incident management procedure?",[],[621,626],{"id":622,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":623},"d2876c52-d9b5-44b7-8dab-7ee030f81913",[624],{"id":625,"label":236,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"61e71d47-ee89-44c6-b75a-aa7bc733b5f1",{"id":627,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":628},"11a4ddf3-99dc-4d93-a9f8-ea68c583c239",[629],{"id":630,"label":631,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"1a017c48-3802-4499-81aa-8b2ce2fb7533","Require the processor to put in place provisions",{"id":633,"slug":634,"label":635,"tooltipHtml":636,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":637,"displayConditions":9,"answers":638,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"60de4d78-3b2d-4cf5-8050-2117fff26a07","does-the-subcontractor-take-measures-to-prevent-loss-alteration-or-unauthorised-disclosure-during-electronic-transfer-data-transport-transmission-control-communication-or-storage-of-data-on-data-media-manual-or-electronic-etc-and-thus-control-the-risks-of-unauthorised-disclosure","Does the subcontractor take measures to prevent loss, alteration or unauthorised disclosure during electronic transfer, data transport, transmission control, communication or storage of data on data media (manual or electronic), etc, and thus control the risks of unauthorised disclosure?","\u003Cp>\u003Cstrong>\u003Cem>Examples: \u003C/em>\u003C/strong>\u003Cem>Encryption /canalisation (VPN=Virtual Private Network), Electronic signature, Connection, Transport security\u003C/em>\u003C/p>",[],[639,644],{"id":640,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":641},"2f5785d9-3207-4a86-9c74-0112600a1418",[642],{"id":643,"label":236,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"957d85cb-3130-4003-b329-c3d19c4d449c",{"id":645,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":646},"86cb4b42-f39c-4a31-a519-b218c74869fb",[647],{"id":648,"label":649,"userId":9,"color":9,"description":38,"priority":54,"priorityIndex":30,"priorityColor":55,"priorityIcon":9,"priorityText":54},"03e458e6-2100-408a-9a0f-6ca88ab799c2"," Require a description of the safety measures taken by the subcontractor",{"id":651,"slug":652,"label":653,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":324,"typeIndex":325,"typeColor":9,"typeIcon":9,"typeText":326,"dynamicSelectType":9,"editableOptions":22,"complianceRules":654,"displayConditions":9,"answers":655,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"2429ae8f-6baf-4b43-aeaa-a5509e864725","describe-the-measures-in-place","Describe the measures in place",[],[656,660,664,668,672,676,680],{"id":657,"color":9,"rangeValue":9,"label":658,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":659},"895fa868-86ba-49c2-bb87-5ab3e172c832","Implementation of vulnerability assessment systems, threat protection technologies, update management, and monitoring procedures designed to identify, assess, mitigate, and protect against identified security threats, viruses and other malicious code",[],{"id":661,"color":9,"rangeValue":9,"label":662,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":663},"9c97c589-b27e-4dfd-8d37-995693fe6878","Flow encryption (SSL/TLS)",[],{"id":665,"color":9,"rangeValue":9,"label":666,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":667},"15466a73-f595-4330-a820-7c3205e8b35b","Encryption of workstations (for example with Bitlocker)",[],{"id":669,"color":9,"rangeValue":9,"label":670,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":671},"8b52bdcc-9052-46c2-999d-7b580cce981e","Encryption of removable media (for example with Bitlocker)",[],{"id":673,"color":9,"rangeValue":9,"label":674,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":675},"5df812f8-b698-4d11-af60-5e6898cc063c","Possible encryption of email content (for example with 7-Zip)",[],{"id":677,"color":9,"rangeValue":9,"label":678,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":679},"9addc457-adee-4bc3-b0be-cc9911d29c24","Limiting email exchanges in favor of secure spaces (e.g. OODrive, Sharepoint)",[],{"id":681,"color":9,"rangeValue":9,"label":682,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":683},"00ecaa8c-10cd-48ba-8dad-9c32ff3e3b09","Secure data network (e.g. VPN)",[],{"id":685,"slug":686,"label":687,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":688,"displayConditions":9,"answers":689,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"4d36f988-b8bd-413f-8b73-cfc7e4b1fdad","does-the-processor-regularly-assess-the-technical-and-organisational-measures-designed-to-control-access-to-personal-data-eg-penetration-tests","Does the processor regularly assess the technical and organisational measures designed to control access to personal data (e.g. penetration tests)?",[],[690,693],{"id":691,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":692},"f3d3e07e-8a51-4d95-8460-7ef348ae5cea",[],{"id":694,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":695},"64c23fc7-9ede-474e-b070-4e1da5411794",[696],{"id":697,"label":631,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"163a5225-56ba-4245-b9f3-23b2cc817500",{"id":699,"slug":700,"label":701,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":702,"displayConditions":9,"answers":703,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"2eb80fea-0a4a-429a-88ce-5e7af7259bc2","does-the-subcontractor-have-a-business-continuity-plan-bcp-with-data-replication-to-a-backup-site","Does the subcontractor have a business continuity plan (BCP) with data replication to a backup site?",[],[704,707],{"id":705,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":706},"677f23dc-985a-4cdf-89ef-4b0e83f00173",[],{"id":708,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":709},"6b438fc6-720c-4dcf-b99f-2e5e8ce8e8b3",[],{"id":711,"slug":712,"label":713,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":714,"displayConditions":9,"answers":715,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"69ef92b2-468d-4c97-8780-e9e3b1228cb5","has-the-subcontractor-implemented-a-data-backup-plan","Has the subcontractor implemented a data backup plan?",[],[716,719],{"id":717,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":718},"96db6a90-5b6c-4376-bb20-993fefd302e0",[],{"id":720,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":54,"probabilityIndex":314,"probabilityColor":315,"probabilityIcon":9,"probabilityText":586,"taskSuggestions":721},"085b7dd3-0ccd-42c9-b05a-252ad802e012",[],[],{"id":724,"slug":725,"label":726,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":727,"questions":728,"sections":774},"a0876b61-e4cc-40c4-9ff6-522361dd1c55","compliance-with-implementation-of-processing-activities","Compliance of processing activities' implementation","\u003Cp>Section relating to the compliance of the processor's processing activities.\u003C/p>",[729,743,757],{"id":730,"slug":731,"label":732,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":733,"displayConditions":9,"answers":734,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"df63318d-25fa-492c-a9e6-37c0569798fb","has-the-processor-put-in-place-measures-for-subsequent-verification-of-the-entry-modification-or-deletion-of-data-and-of-the-person-who-carried-it-out-logging-of-access-and-reporting","Has the processor put in place measures for subsequent verification of the entry, modification or deletion of data, and of the person who carried it out (logging of access and reporting)?",[],[735,738],{"id":736,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":737},"cd0bbc1c-a981-4a5f-838a-a1ffdbf74b9d",[],{"id":739,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":740},"48f27438-5c98-4600-94c2-e1201875b6c7",[741],{"id":742,"label":631,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"1e0eb885-8bb1-4164-b8a8-261ff0a7126a",{"id":744,"slug":745,"label":746,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":747,"displayConditions":9,"answers":748,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"f11429b6-d223-4d90-af00-5162e2b03c2a","does-the-subcontractor-regularly-inform-the-customer-of-the-proper-performance-of-the-contract-for-the-services-entrusted-to-it-compliance-with-documented-instructions","Does the subcontractor regularly inform the Customer of the proper execution of the Contract for the services entrusted to it (compliance with documented instructions)?",[],[749,752],{"id":750,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":751},"2d2f8fe8-563c-45b1-b2c4-f616bb95dba6",[],{"id":753,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":754},"5a107061-fed5-469d-bac1-1477ad3bef05",[755],{"id":756,"label":631,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"507f00f5-ccb8-4f86-8625-f0229fe57199",{"id":758,"slug":759,"label":760,"tooltipHtml":761,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":762,"displayConditions":9,"answers":763,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"121a3d3e-e121-496c-908c-f5414c3bb29f","does-the-processor-comply-with-the-principles-of-isolation-of-processing-for-different-purposes-and-has-it-put-in-place-appropriate-measures","Does the processor comply with the principles of isolation of processing for different purposes and has it put in place appropriate measures?","\u003Cp>Example: sandboxes for development activities, separation of activities in the organization of rights, ...\u003C/p>",[],[764,769],{"id":765,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":766},"38ce39cf-01db-4772-9883-390109721ccc",[767],{"id":768,"label":236,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"cc802fd7-6937-415f-a475-21a65dbee988",{"id":770,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":771},"c39357c7-69f2-4489-943b-d132e905188c",[772],{"id":773,"label":631,"userId":9,"color":9,"description":38,"priority":54,"priorityIndex":30,"priorityColor":55,"priorityIcon":9,"priorityText":54},"280c83b1-059c-4e2e-ae35-0b8a31dcfff7",[],{"id":776,"slug":777,"label":778,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":779,"questions":780,"sections":886},"011ed9eb-4620-4e69-ba5f-28bc997c51eb","subsequent-subcontracting","Subsequent subcontracting","\u003Cp>Section relating to the processor's subsequent subcontracting.\u003C/p>",[781,796,818,838,858,872],{"id":782,"slug":783,"label":784,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":785,"displayConditions":9,"answers":786,"listQuestions":9,"required":56,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"32b41ddf-19b5-4728-8b5a-a0eb8282d2e4","is-subsequent-subcontracting-part-of-the-contract-with-the-subcontractor","Is subsequent subcontracting part of the contract with the subcontractor?",[],[787,790],{"id":788,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":789},"d069c0c3-bce1-42df-84ad-6d4de941b0b6",[],{"id":791,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":792},"113ec8b8-79d0-47d3-9fec-59f17969c8b4",[793],{"id":794,"label":795,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"1cced602-fc49-483d-8006-1e8e757ae2ee","Prohibit further subcontracting",{"id":797,"slug":798,"label":799,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":800,"displayConditions":801,"answers":807,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"917a9bac-2109-4339-85c4-3bff8b3b9fbc","does-the-contract-stipulate-that-the-data-controller-must-approve-the-choice-of-subsequent-processors","Does the contract stipulate that the data controller must approve the choice of subsequent processors?",[],{"id":802,"separator":64,"field":9,"operator":65,"value":9,"rules":803},"fff76e8b-3af4-4a2a-8c86-ee9ecbab6035",[804],{"id":805,"separator":9,"field":782,"operator":65,"value":788,"rules":806},"34cc0b72-436e-4e6a-9e0b-c4298a2a5302",[],[808,811],{"id":809,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":810},"119086cf-333e-4ad9-bdc4-c14d230be764",[],{"id":812,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":813},"c75dcfbc-6927-42fc-9dab-82772b00221a",[814],{"id":815,"label":816,"userId":9,"color":9,"description":817,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"1b22b32f-f5e0-42cf-89ce-390042f4aac9","Amend the contract","\u003Cp>Either the controller validates the sub-processors,\u003C/p>\u003Cp>Or the processor clearly identifies its subcontractors in the contract and informs/applies for permission to select new subcontractors\u003C/p>",{"id":819,"slug":820,"label":821,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":822,"displayConditions":9,"answers":823,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"89d2ab80-1423-4272-a4a5-b191a2bf822d","are-relations-with-subsequent-subcontractors-covered-by-a-contract-with-the-subcontractor","Are relations with subsequent subcontractors covered by a contract with the subcontractor?",[],[824,827,832],{"id":825,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":826},"6b04d39a-bbd9-4388-99d5-ccb8a6153be1",[],{"id":828,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":829},"df8c1a5c-d77e-4a4c-bc71-dfa15212c2e9",[830],{"id":831,"label":631,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"33c70b12-8b67-4a92-85de-dc96e73f0e87",{"id":833,"color":9,"rangeValue":9,"label":516,"slug":9,"description":9,"score":30,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":834},"3a5872e1-93cf-4f1c-8315-70afadf2be5a",[835],{"id":836,"label":837,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"b0b58001-6440-4f91-b4f4-1489d024f5e5","Get a commitment to a completion date",{"id":839,"slug":840,"label":841,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":842,"displayConditions":843,"answers":849,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"e9dba852-0b9e-46a3-9307-82cc18947ae9","do-these-contracts-take-gdpr-requirements-into-account","Do these contracts take GDPR requirements into account?",[],{"id":844,"separator":64,"field":9,"operator":65,"value":9,"rules":845},"5397ba84-ba6c-422a-9c17-ffb0ba40d08b",[846],{"id":847,"separator":9,"field":819,"operator":65,"value":825,"rules":848},"55721af2-798a-4ddd-baa7-cec6ac2f3ab3",[],[850,853],{"id":851,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":852},"2242b7ce-de16-4d22-b2f3-ef0a78018d25",[],{"id":854,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":39,"impactIndex":46,"impactColor":47,"impactIcon":9,"impactText":39,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":855},"0209b120-b8e6-43ec-8ae4-58b91d67b485",[856],{"id":857,"label":631,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"721b0e7c-f737-4a08-9fa9-48a8050fc116",{"id":859,"slug":860,"label":861,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":862,"displayConditions":9,"answers":863,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"2ed0f049-580b-4e66-9a35-e84763ae26a4","are-any-transfers-of-data-outside-the-eu-by-subsequent-processors-governed-by-standard-clauses-or-other-provisions-laid-down-by-the-supervisory-authority","Are any transfers of data outside the EU by subsequent processors governed by standard clauses or other provisions laid down by the supervisory authority?",[],[864,867],{"id":865,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":866},"320ec324-14df-4736-89d1-e3b9b2c0c6e0",[],{"id":868,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":869},"c0fa6866-a122-41c8-8d71-07209d757e49",[870],{"id":871,"label":631,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"2d5f9639-908c-4954-ae23-45592a4eccdb",{"id":873,"slug":874,"label":875,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":876,"displayConditions":9,"answers":877,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":56,"native":22},"2f3d2f08-af13-4920-8d63-1b28dbf99d1c","has-the-processor-ensured-that-subsequent-processors-have-taken-the-organisational-and-technical-measures-necessary-to-provide-sufficient-guarantees-for-the-protection-of-personal-data","Has the processor ensured that subsequent processors have taken the organisational and technical measures necessary to provide sufficient guarantees for the protection of personal data?",[],[878,881],{"id":879,"color":9,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":29,"impactIndex":30,"impactColor":31,"impactIcon":9,"impactText":32,"probability":29,"probabilityIndex":30,"probabilityColor":31,"probabilityIcon":9,"probabilityText":33,"taskSuggestions":880},"9aa8d5a4-34e6-42f4-a5c0-00fbcc7796e7",[],{"id":882,"color":9,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":54,"impactIndex":314,"impactColor":315,"impactIcon":9,"impactText":54,"probability":39,"probabilityIndex":46,"probabilityColor":47,"probabilityIcon":9,"probabilityText":48,"taskSuggestions":883},"b8c5ed79-5511-4558-b184-37fac1928b3a",[884],{"id":885,"label":631,"userId":9,"color":9,"description":38,"priority":39,"priorityIndex":28,"priorityColor":40,"priorityIcon":9,"priorityText":39},"dbeb1d84-e423-4757-a773-42742cf82047",[],[],"d7d48aed-87e0-45ed-a7f0-e639243a1eff","1.0","Subcontractor GDPR assessment (advanced)","tJwqVGpdNAGK6FPxfEb1I5kK0X3ZmkUGgguw8EK8sjWoWLmFykABv5fPOL7N","https://static.dastra.eu/tenant-3/audit/086b91cf-548c-498e-a8b5-bcabc6517457/icon-audit500x-a08834515a-150.png","Advanced assessment of the measures implemented by a subcontractor to meet GDPR requirements.","2021-10-04T21:46:29.552278","2024-08-29T12:43:33.755491","Vendor","Third party assessment","Actor","ds-icon-actor","Stakeholders",[902],{"id":903,"displayName":904,"familyName":905,"givenName":906,"email":907,"active":56,"color":908,"avatarUrl":909,"tenantId":11},31,"Jérôme de Mercey","de Mercey","Jérôme","jerome.demercey@dastra.eu","#99C691","https://static.dastra.eu/tenant-10/avatar/31/Zuh7XFZe5EnnTo/design-sans-titre-2-150.png",[911],{"id":912,"label":913,"type":914,"typeIndex":915,"typeColor":916,"typeIcon":917,"typeText":918,"color":919},"0e3edde6-fe96-4b8e-8572-e8b4a7063dba","GDPR","AuditTemplate",9,"#83d162","ds-icon-audit","Questionnaire template","#F479D9",46,30]