28 Op Der Haart L-9999 Wemperhardt Grand-Duché de Luxembourg

Semago® Products

The products offered by Semago® are the result of studies carried out with companies of all sizes but also the result of more than 25 years spent alongside various companies from the financial world (banks, insurance, trust companies), logistics, energy, private security or even industries, the public among others.

Semago® is proud that these products are 100% homemade and not subcontracted, which allows us to keep these products with a level of quality and to be able to adapt them to the different customers. Another aspect is the update management for these customers as well as for new versions in terms of continuous improvement functionality. And we are proud to do everything we can to maintain this level of quality.
Our in-house applications:

Is an application for the management of the processing register.
Our processing register of course takes into account the legislation but goes beyond it
and includes the following elements:
Management of the legal bases for each processing operation.
Integrating 22 categories of personal data and 67 sub-categories
 In total we already have more than 300 personal data defined in our ready-to-use
database and it is possible to add more depending on your processing. Based on
the classification made by the CPND.
Integration of subcontractors involved in the processing.
 Integration of processing security measures
 Integration of data locations allowing to have a direct view if the place is in adequacy according to the agreements made by the European Union.
Each treatment includes the list of processes that allow you to know who the
owner of the process is and to have.
Also includes information on the DPO, subcontractors, controller, and process

As its name suggests, it is our tool for the management of Impact Analyses on personal
This tool is based on international standards such as ISO 29134, ISO 29151, 27002,
27005, NIST SP 800… It is completely configurable and can be integrated into your ERM
(Enterprise Risk Management).
The approach of this Framework is very simple and pragmatic, as the business defines
the level of residual risk it is willing to accept.
Then we select in the processing the different defined scenarios (according to ISO) and
the IT defines the controls that are in place. The DPO and the Risk Manager indicate the

controls that are mandatory depending on the business risk. The product calculates the
difference and tells you which controls will need to be implemented.
 In addition, for each process involved in the processing operation, it is essential
to provide proof that the control is in place. If this proof is missing, the risk is
automatically readjusted according to the data processed.

The main functions:
BIA (Business Impact Analyst) in French a business impact analysis.
The treatment
The process
The data
The actors in internal and external
Residual risks
The controls according to international standards
Evidence management.

IncMan for Incident Manager (security incident management), it is a registry that
contains information about incidents, the product also informs you if an incident must
be reported at the private life level.
It allows all information to be collected for the investigation of incidents.
Our model includes the incident categories according to ISO29151 and eBIOS.

The first CMDB that contains application information based on the principle that what
data is stored in the application or can be stored. Where is the server, who are the users
with access to this application and what are their access rights, what classification is
given at the business level to the information contained and at the privacy level.
At a glance you have all the information about an application:
Who ?
What do you mean?
What business process ?
 To which treatment?

Semago® brings you its advices and know-how in the fields of Security, cybersecurity in data protection, and in private life.

Contact us

+352 xxx xxx xxx