The Flowz Approach
Flowz is a SaaS (Software as a Service) business, which provides a solution to record the information flowing around an organisation. The software provides a risk score against the information and flows within the organisation, assisting in the compliance of the new GDPR law.
Flowz allows you to meet the requirement of the new General Data Protection Regulation (GDPR – Article 30 records of processing activities) by providing a system for you to record all the information assets under your control, to record the internal ‘owners’ or ‘custodians’ of the data, the categories of data subjects and data collected, the purposes for processing, and the geographical location in which the data may be held.
These are the basic requirements. However, having a simple register of the data held just services the GDPR. Flowz can provide you with much more, as follows:
Flowz is configured with fields to record all of the attributes required by EU GDPR article 30 – Records of Processing, although is designed so that every part of the system can be closely tailored to an organisations particular needs. For example, recording attributes of compliance with EU GDPR article 32 – Security can be can be configured to record additional information such as the number of records in the asset, the back-up regime, etc. Flowz approach of user-configured modules and module collections is extremely flexible, allowing you to add further modules and module collections to make your information asset register more comprehensive and therefore more useful when you need to rely on it.
Allows users to record personal or team flows in and out of a department, or the whole organisation.
There is the ability to authorise new flows and assets and therefore to build an approval process around them (useful for Senior Risk Owner or Caldicott Guardian approvals of all new flows and assets).
Flowz utilises a secure UK Data Centre with easy browser access from any location.
Information Assets are created as private to their organisational unit by default but may be shared with specific organisational units or the entire organisation.
An administrator may grant or revoke system features for user roles or specific users for their organisation as a whole or for individual organisational units.
INTELLIGENT LINKING TO FLOWS OF DATA
ISO27005 (information risk management) describes assets as at rest and in motion. Where they are in motion (sent by post or electronically, for example) we consider them a subset of the main asset and record them as such, allowing you to record all the incoming and outgoing data from your databases.
The system allows for information to be calculated with a risk score on your flows and assets. This has a predefined calculation but can be configured manually for any organisation.
Flowz has a risk reporting dashboard for users to be able to create reports on specific flows and assets within the organisation. You can also report on individual users or departments.
Organisations in FLOWZ may now be structured using Organisational Units and Organisational Hierarchies to better model their real-world counterparts. Organisations may have nested units to accurately reflect their business (for example companies within a group) with each having hierarchies to map their departments, teams etc.
Three dashboards are now available in FLOWZ tailored by user role, offering asset-centric and flow-centric views across the organisation with the ability to drilldown to individual assets and flows.
Information, for example lists of users, assets etc. may now be imported directly from Microsoft Excel spreadsheets.