# Applications & Systems Module | Secure Privacy Governance Solution

> Maintain a live GDPR system inventory, assign owners, track privacy controls, and monitor risk scores using the Applications & Systems module in Secure Privacy's Governance Solution.

- Canonical: https://support.secureprivacy.ai/article/managing-data-systems-owners-governance-platform
- Product: Privacy & AI Governance
- Category: Governance Solution
- Published: 2026-03-09T17:53:00+00:00
- Updated: 2026-03-22T11:57:57.332+00:00
- Reading time: 4 minutes

---

The **Applications & Systems module** in Secure Privacy's **Governance Solution** gives your organization clear, real-time visibility into every system, application, and infrastructure component that processes personal data. Maintain a live system inventory, assign ownership, track privacy controls, and monitor risk scores — supporting GDPR Article 30 ROPA requirements and ongoing privacy and security governance.

## Who Is This For?

-   **IT administrators** maintaining a complete inventory of all systems that process personal data across the organization
    
-   **Privacy officers** tracking which systems handle sensitive or special category information and their associated compliance status
    
-   **Security teams** monitoring system risk levels, privacy controls, and compliance review history
    

## Accessing the Systems Module

From the left sidebar in the Governance Solution, navigate to **Data Management > Systems**. The main view displays a filterable, searchable table of all registered systems.

## Building Your GDPR System Inventory

### Manual entry

Click **\+ Add System** and complete the system record with the following fields:

<table style="min-width: 75px;"><colgroup><col style="min-width: 25px;"> <col style="min-width: 25px;"> <col style="min-width: 25px;"></colgroup><tbody><tr><th colspan="1" rowspan="1"><p>Field</p></th><th colspan="1" rowspan="1"><p>Description</p></th><th colspan="1" rowspan="1"><p>Example</p></th></tr><tr><td colspan="1" rowspan="1"><p>Name</p></td><td colspan="1" rowspan="1"><p>System or application name</p></td><td colspan="1" rowspan="1"><p>"Salesforce CRM"</p></td></tr><tr><td colspan="1" rowspan="1"><p>Category</p></td><td colspan="1" rowspan="1"><p>Type of system</p></td><td colspan="1" rowspan="1"><p>CRM, Analytics, HR, Cloud Storage</p></td></tr><tr><td colspan="1" rowspan="1"><p>Type</p></td><td colspan="1" rowspan="1"><p>System deployment classification</p></td><td colspan="1" rowspan="1"><p>SaaS, On-Premise, Hybrid</p></td></tr><tr><td colspan="1" rowspan="1"><p>Status</p></td><td colspan="1" rowspan="1"><p>Current operational status of the system</p></td><td colspan="1" rowspan="1"><p>Active, Under Review, Decommissioned</p></td></tr><tr><td colspan="1" rowspan="1"><p>Launch Date</p></td><td colspan="1" rowspan="1"><p>Date the system was deployed or activated</p></td><td colspan="1" rowspan="1"><p>2024-01-15</p></td></tr><tr><td colspan="1" rowspan="1"><p>Impact</p></td><td colspan="1" rowspan="1"><p>Privacy impact level of the system</p></td><td colspan="1" rowspan="1"><p>High, Medium, Low</p></td></tr><tr><td colspan="1" rowspan="1"><p>Data Types</p></td><td colspan="1" rowspan="1"><p>Categories of personal data processed by the system</p></td><td colspan="1" rowspan="1"><p>Contact Info, Financial, Health</p></td></tr><tr><td colspan="1" rowspan="1"><p>Privacy Controls</p></td><td colspan="1" rowspan="1"><p>Technical controls currently in place for the system</p></td><td colspan="1" rowspan="1"><p>Encryption, Access Control, DLP</p></td></tr></tbody></table>

### Bulk import

Click **Import** to upload multiple systems at once from a structured file. This is the recommended approach when migrating an existing system inventory from spreadsheets or other compliance tools.

## System Owner Assignment

Every system should have a designated owner responsible for maintaining its compliance status and responding to privacy and security obligations. Assign owners from your organization's member list in the Members module. System owners automatically receive notifications about:

-   Upcoming review dates for their assigned systems
    
-   New risks linked to their systems in the Risk Management module
    
-   Tasks assigned to them in relation to their systems
    

## System Risk Scoring

The Governance Solution generates a system-specific risk score for each registered system, calculated based on:

-   Types and sensitivity of personal data processed by the system
    
-   Privacy and security controls currently in place
    
-   Number and severity of risks linked to the system in the Risk Management module
    
-   Compliance status and review history — including how recently the system was last assessed
    

## Filtering and Exporting the System Inventory

Use **Filters** to narrow the system inventory view by category, type, status, impact level, or data types. Click **Export** to download the full system inventory for audit submissions, regulatory reporting, or ROPA documentation purposes.

## System Inventory Best Practices

### Register all systems that process personal data — including third-party SaaS tools

Many GDPR compliance gaps originate from unregistered third-party applications. Ensure every SaaS tool, cloud service, and on-premise application that touches personal data is recorded in the inventory — including marketing platforms, HR systems, and analytics tools.

### Review the system inventory quarterly

Systems are regularly added, changed, or decommissioned. A quarterly inventory review identifies new systems that have not yet been registered and flags decommissioned systems whose records should be updated — keeping your ROPA accurate and current.

### Assign clear ownership for every system

Unowned systems create compliance blind spots. Every system in the inventory should have a named owner who is responsible for its review schedule, risk monitoring, and task completion — ensuring accountability is never ambiguous.

### Link systems to related processes in the Process Register

Connecting system records to their associated processing activities in the Process Register creates end-to-end data flow visibility — from the system processing personal data through to the documented processing activity in your ROPA, and any linked risk assessments or DPIAs.

## Next Steps

-   Link registered systems to processing activities in the **Process Register** for full ROPA traceability
    
-   Track system-specific privacy and security risks in the **Risk Management** module
    
-   Review system inventory status and risk distribution through **Reporting & Analytics**
    

## Frequently Asked Questions

### Does the system inventory support GDPR Article 30 ROPA requirements?

Yes. The Applications & Systems module captures the system-level detail that underpins an accurate Record of Processing Activities — including data categories processed, privacy controls in place, and system ownership. Linking system records to process entries in the Process Register creates the complete, structured ROPA documentation required under GDPR Article 30.

### What is the difference between the Systems module and the Process Register?

The Systems module inventories the technical systems and applications that process personal data — capturing what the system is, who owns it, what data it handles, and what controls are in place. The Process Register documents the processing activities themselves — the purpose, lawful basis, data categories, and retention periods. The two modules complement each other: systems feed into processes, and together they form a complete ROPA.

### Can the system risk score be used to prioritize DPIA pre-screening?

Yes. Systems with high impact ratings and elevated risk scores are strong candidates for DPIA pre-screening under GDPR Article 35. Your DPO can use the system risk score alongside the data categories and privacy controls recorded in the inventory to determine whether a full DPIA is required before or during a system's deployment or significant change.

## See Also

-   [How to Handle Data Subject Access Requests (DSARs)](https://support.secureprivacy.ai/article/managing-data-subject-access-requests-dsars-in-secure-privacy)
    
-   [Secure Privacy Pricing Plans Overview](https://support.secureprivacy.ai/article/secure-privacy-pricing-plans--consent-management-platform)
    
-   [Website Visits vs Page Views vs Consent Explained](https://support.secureprivacy.ai/article/website-visits-vs-page-views-vs-consent-explained)
