Recommendation Engine

Automate tailored cybersecurity and compliance with ITML’s Recommendation Engine — a rule-based system delivering actionable, risk-driven measures, tools, and trainings designed for your organization’s unique profile.
Topics: Business Rule Management System (BRMS), Data Protection Training, Drools, Policy Automation, Risk Assessment, Self-Assessment Integration

Overview

The Recommendation Engine (RE) by ITML is a flexible, rule-based system designed to support enterprises in identifying and applying the most suitable Organizational and Technical Measures (OTMs), cybersecurity tools, and trainings. Developed within the SENTINEL project, the RE helps users respond to evolving risk levels and GDPR compliance requirements by delivering curated recommendations grounded in a formal logic layer. Its architecture is based on a Business Rule Management System (BRMS) that enables a clean separation between rules and code, ensuring adaptability and auditability.

Process

At the core of the RE lies a dynamic rule-based inference engine (powered by Drools) that evaluates an organization’s risk profile — including the risk levels associated with individual Processing Activities (PAs) and the results of self-assessment tools like DPIAs or GDPR checklists. Based on these inputs, the engine matches relevant OTMs stored in a Common Repository, and links them to appropriate cybersecurity plugins and training modules, filtered by categories, capabilities, and risk thresholds (High/Medium/Low). These recommendations are then consumed by the Policy Drafting Module, which transforms them into clear, actionable policy documents for the organization.

[Figure: Recommendation engine flow. Evaluates the organization's risk profile (PA risk levels, self-assessment tools) → matches relevant OTMs stored in a repository (linked to cybersecurity plugins and training modules) → actionable policy documents]

Technology

The engine is implemented using:

  • Java 11
  • Spring WebFlux
  • Spring Cloud Stream

and is fully containerized with Docker using OpenJDK 11.

Its interface is documented with OpenAPI v3, making it accessible and integrable in diverse application environments. For ease of rule management, Drools provides both a rich rule definition language and decision tables, allowing both technical and non-technical users to define and update rules effectively.
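The matching described under Process (PA risk levels and failed self-assessment items selecting OTMs, which are then linked to plugins and trainings) can be expressed directly in the Drools rule language. The rule file below is an added illustration, not ITML's or the SENTINEL project's own rules; the fact classes (ProcessingActivity, SelfAssessmentFinding, Otm, Plugin, Training, Recommendation) and the integer encoding of risk levels (LOW=1, MEDIUM=2, HIGH=3) are assumptions.

```drl
// Added illustrative Drools rule file; not ITML's or the SENTINEL project's own rules.
// Assumed fact classes (not on the page): ProcessingActivity(id, riskLevel),
// SelfAssessmentFinding(pa, controlId, passed), Otm(id, category, requiredCapability,
// minRiskLevel, controlId), Plugin(id, category, capabilities), Training(id, category),
// Recommendation(pa, otm, plugin, training).
// Risk levels are ints so thresholds can be compared: LOW=1, MEDIUM=2, HIGH=3.
package org.example.re.rules;

import org.example.re.model.ProcessingActivity;
import org.example.re.model.SelfAssessmentFinding;
import org.example.re.model.Otm;
import org.example.re.model.Plugin;
import org.example.re.model.Training;
import org.example.re.model.Recommendation;

// 1. An OTM is recommended for a PA whenever the PA's risk level reaches the
//    OTM's threshold. The "not" guard keeps the rule from inserting duplicates.
rule "Recommend OTM by PA risk threshold"
when
    $pa  : ProcessingActivity( $risk : riskLevel )
    $otm : Otm( minRiskLevel <= $risk )
    not Recommendation( pa == $pa, otm == $otm )
then
    insert( new Recommendation( $pa, $otm ) );
end

// 2. A failed self-assessment item (DPIA / GDPR checklist) recommends the OTM
//    covering that control, independent of the PA's computed risk level.
rule "Recommend OTM for failed self-assessment control"
when
    $f   : SelfAssessmentFinding( passed == false, $ctl : controlId, $pa : pa )
    $otm : Otm( controlId == $ctl )
    not Recommendation( pa == $pa, otm == $otm )
then
    insert( new Recommendation( $pa, $otm ) );
end

// 3. Link each recommendation to the first plugin in the same category that offers
//    the OTM's required capability, and to a training module for that category.
//    "plugin == null" stops the rule from re-firing after modify().
rule "Attach plugin and training to recommendation"
when
    $rec : Recommendation( $otm : otm, plugin == null )
    $plg : Plugin( category == $otm.category, capabilities contains $otm.requiredCapability )
    $trn : Training( category == $otm.category )
then
    modify( $rec ) { setPlugin( $plg ), setTraining( $trn ) }
end
```

Loading this file into a KieSession and inserting the PA, finding, OTM, plugin and training facts yields one Recommendation per matched PA/OTM pair, which is the input the Policy Drafting Module would consume.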

Key Benefits

Ultimately, ITML’s RE promotes transparency, scalability, and agility in cybersecurity policy generation. It reduces the manual burden of risk-based compliance and ensures organizations can adapt rapidly to regulatory changes or evolving threat landscapes. Its modular and maintainable design makes it ideal for integration in ecosystems where context-aware, risk-driven recommendations are essential for maintaining robust data protection and cybersecurity postures.