- Classification: internal -
COMPANY
IS/DPP Level-up Training Sessions
Procurement
(date)
“Level-up”
In addition to the baseline training for all staff
Applicable to specific staff, in this case: procurement officers
Why?
- Procurement officers (help) manage the relationship with external parties in the organisation. They are the center of competence and (single) point of contact on the matter.
- Therefore project managers are well-placed champions for IS/DPP.
- The business (as usual) should be able to attract, contract, and follow up the external relationship, which should (a) avoid working with untrustworthy counterparties, and (b) allow enforcement of compliance.
YOUR MISSION, should you choose to accept it…
Support, in and as the Business-As-Usual, the organisational aspect of IS/DPP by
- acting as center of competence with regard to relationship management of external parties
  – selecting counterparties
  – contract negotiations
  – follow-up
- screening & vetting candidates
- documenting commitment
- guiding (and triggering) follow-up
Center of Competence
Masters of the Process
Select
• RFI, RFP, BaFO
• Questionnaires and Questions
Contract
• Negotiations (need-to-have v nice-to-have)
• Risk Acceptance (as the case may be)
• Execution (and retention)
Follow-up
• Informal: “wine and dine”, relationship management, …
• Formal: questionnaires, audit, …
• Special: rights of data subjects (e.g. rectification, block)
External Parties
Diagram: COMPANY (proc. / group) in the middle, surrounded by its external parties: Vendors, Service Providers (SP), Sub-processors and Clients.
Enforcement towards each external party:
1. Confidentiality
2. Personal Data: DP schedule
Personal Data Protection: Different Levels
- Internal
- Processor in a “safe country”
- Processor in an “unsafe country”
Internal (FYI)
Concentric circle controls
1 Perimeter control: controlled access to the buildings, e.g. zoning on a risk basis, security alarms, locked doors, surveillance cameras, security guards (day/night), entrance controls (badge, biometrics, …), identified and guided visitors
2 Network control: controlled access to the network, e.g. firewalls, virus scans (incl. malware, spyware, …)
3 Server access control: zoning on a risk basis, monitoring (high-level permanent/sample or exception-based periodic)
4 Secure data deletion: shredders, instructions, waste baskets, …
5 Data loss prevention
DP training for legal and quality
24 November 2014
Slide 8
Summary of controls (control: objective)
- Equipment access control: deny unauthorised persons access to data-processing equipment used for processing personal data
- Data media control: prevent the unauthorised reading, copying, modification or removal of data media
- Storage control: prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data
- User control: prevent the use of automated data-processing systems by unauthorised persons using data communication equipment
- Data access control: ensure that persons authorised to use an automated data-processing system only have access to the data covered by their access authorisation
- Communication control: ensure that it is possible to verify and establish to which bodies personal data have been or may be transmitted or made available using data communication equipment
- Input control: ensure that it is subsequently possible to verify and establish which personal data have been input into automated data-processing systems and when and by whom the data were input
- Transport control: prevent the unauthorised reading, copying, modification or deletion of personal data during transfers of personal data or during transportation of data media
- Recovery: ensure that installed systems may, in case of interruption, be restored
- Reliability & Integrity: ensure that the functions of the system perform, that the appearance of faults in the functions is reported and that stored data cannot be corrupted by means of a
Insert policy overview / visualisation
Gradations of topo-risk
Adequate level of protection: Argentina, Australia, Canada, Faeroe Islands, Guernsey, Isle of Man, Israel, Jersey, Switzerland, Uruguay, (USA)
Norway, Liechtenstein, Iceland
No adequate level of protection:
- Contractual clauses
- Other
Processor in a “safe” country
Part of the selection process: sufficient guarantees on measures wrt the data processing operation
Binding clauses:
- Processors only act on instruction of the controller
- Legal requirements of internal measures must bind the processor
Follow-up: ensure compliance with measures wrt the data processing operation
OR NOT, if you have a template
Processor in an “unsafe” country
Reference is made to the legitimacy topic.
Controller adduces adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights which are authorized under applicable (national) law.
Same as other processors: binding clauses
Specific basis for legitimacy (diagram): balance test, legal requirement, implied consent, explicit consent, limited, SCC
Screening & Vetting
Internal staff
= HR
External staff
= insert
Layers & Dimensions
Layers: Environment, Physical, Human, Device, Application, Repository, Carrier, Network, Data, 3rd Parties
Changes
• In the regulatory environment
• In processes
• In people (JLT)
• In technology
We are going to give this person access to
- our premises?
- our network?
- our devices?
- our applications?
- our data?
- …
Input: Risk Assessment (Privacy Impact Assessment)
- Data set and data flow description
- Risk mitigating / sharing measures (as foreseen)
  - Technical measures (+ point of contact)
  - Organisational measures
    - documented (a.o. who can/should have access?)
    - communication/training/awareness [plan]
- Residual risk acceptance (if any, may come after negotiations)
- Risk assessment (different versions)
  - Before “outsourcing” (legacy = absent)
  - After “outsourcing”
Document: Data Sets (first 3 criteria)
- Source of the data: Objective / Subjective; Data Subject / Generated ourselves / 3rd party / …
- Purpose for the data: Credit review, AML screening, profiling, contact in execution of agreement, marketing, segmentation, …
- Data subject: Customer, cardholder, prospect, candidate, staff member, contact at supplier, contact at corporate customer, …
- Data fields: Free fields: Name, address, free comment, meeting report, …; Dropdown lists: Country, Title, Status, …
- Special categories of data: Financial data, card data (PCI), …; Relating to race, ethnic origin, (political, philosophical, religious) beliefs, trade union membership, sexual life; Health data / Judicial data (related to litigation, criminal sanctions, presumptions of criminal facts, …)
- (Estimated) volume: By number of data subjects, by number of data fields per data subject, …
Document: Risks
- Data Classification: Give the full data classification per data set.
- Risks identified: What risks were identified in terms of the different layers of information security and data protection?
- Qualitative measure of the risk: Likelihood x impact
- Quantitative measure of the risk: (if possible) more detailed calculations based on statistical models (e.g. Monte Carlo)
- Validation by CISO: The CISO has to validate all information risk assessments.
- Validation by DPO (for personal data): The DPO has to validate all personal data related risk assessments.
Document: Risk Approach
- Risk Mitigating Measures: For every risk identified, the mitigating measures: technically and/or organisationally (incl. first line controls).
- Risk Sharing Measures: For every risk identified, if applied, the risk sharing measures: agreements, insurances, etc.
- Residual Risk: For every risk identified, the residual risk (incl. assessment in terms of likelihood and impact).
- Comparison to 1st Risk Assessment: Preferably visually (matrix)
- Validation by CISO: The CISO has to validate all information risk approaches.
- Validation by DPO (for personal data): The DPO has to validate all personal data related risk approaches.
- Residual Risk Acceptance (if any): The decision by the ExCo or, as the case may be, a steering committee to which the project follow-up was delegated.
New risk acceptance or measures, if and when the risk assessment has shown change in risk profile.
- Escalate via CISO or DPO
Document: Data Flows
- Data set transferred (see data set for further detail)
- Source of the data: In principle the repository you are responsible for as Information Asset Owner
- Recipient of the data: Within company / between GROUP companies / Third Party (processing on COMPANY’s behalf) / Third Party (processing on own behalf)
- Purpose for use by the recipient: To allow alignment with the original purpose and fitness of the data set
- Operational description of transfer: Automatic or manual intervention, format (xls, xml, CODA, …), channel, frequency of the transfer, …
- Security of the transfer: Measures taken to ensure the secure transfer, both technical (e.g. encryption) and organisational (e.g. double channel for transfer of package and key)
- Assurance by recipient: To keep the data secure and confidential, not to use the data for other purposes than described, not to further transfer the data, to update the data at request of IAO, …
- Validation: Validation by CISO (always) and DPO (personal data)
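The data-flow record above, together with the earlier slides on processors in “safe” and “unsafe” countries, describes a decision procedure; the following added example (not the deck's or COMPANY's own tooling) encodes it as a completeness check. It assumes the adequacy list as given on the slide, treats the parenthesised (USA) as not adequate by default, and applies the “specific basis for legitimacy” rule to third-party controllers as well as processors.

```python
"""Completeness check for a third-party data-flow record.

Constructed example following the rules in this deck (safe/unsafe country,
binding clauses, specific basis for legitimacy, validation by CISO/DPO).
It is not the deck's or COMPANY's own tooling.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Countries the "Gradations of topo-risk" slide lists as offering an
# adequate level of protection.
ADEQUATE_COUNTRIES = {
    "Argentina", "Australia", "Canada", "Faeroe Islands", "Guernsey",
    "Isle of Man", "Israel", "Jersey", "Switzerland", "Uruguay",
    "Norway", "Liechtenstein", "Iceland",
}
# The slide lists "(USA)" in parentheses; assumption made here: the USA is
# NOT treated as adequate by default, so a flow there needs a specific basis.

# Specific bases for legitimacy named on the "unsafe country" slide.
LEGITIMACY_BASES = {
    "balance test", "legal requirement", "implied consent",
    "explicit consent", "SCC",
}

EXTERNAL_KINDS = {"processor", "controller"}        # third parties
ALL_KINDS = EXTERNAL_KINDS | {"internal", "group"}


@dataclass
class DataFlow:
    data_set: str
    recipient_kind: str             # internal / group / processor / controller
    recipient_country: str
    personal_data: bool
    binding_clauses: bool = False   # DP schedule / IS-DPP contract schedule in place
    legitimacy_basis: Optional[str] = None
    transfer_encrypted: bool = False
    key_separate_channel: bool = False   # "double channel" for package and key
    validated_by: Set[str] = field(default_factory=set)  # subset of {"CISO", "DPO"}


def is_safe_country(country: str) -> bool:
    return country in ADEQUATE_COUNTRIES


def required_validations(flow: DataFlow) -> Set[str]:
    """CISO validates every flow; the DPO additionally validates personal data."""
    needed = {"CISO"}
    if flow.personal_data:
        needed.add("DPO")
    return needed


def scc_template(flow: DataFlow) -> Optional[str]:
    """EU Standard Contractual Clauses template matching the importer's capacity."""
    if flow.recipient_kind == "processor":
        return "Controller-to-Processor"
    if flow.recipient_kind == "controller":
        return "Controller-to-Controller"
    return None


def check_flow(flow: DataFlow) -> List[str]:
    """Return the gaps that block validation; an empty list means complete."""
    findings: List[str] = []
    if flow.recipient_kind not in ALL_KINDS:
        return [f"unknown recipient kind: {flow.recipient_kind!r}"]
    external = flow.recipient_kind in EXTERNAL_KINDS

    # Third parties must be bound contractually (DP schedule).
    if external and not flow.binding_clauses:
        findings.append("binding clauses (DP schedule) missing for third party")

    # Personal data leaving for a country without adequate protection needs
    # one of the specific bases for legitimacy on top of the binding clauses.
    if external and flow.personal_data and not is_safe_country(flow.recipient_country):
        if flow.legitimacy_basis not in LEGITIMACY_BASES:
            findings.append(
                f"specific basis for legitimacy required: recipient in "
                f"{flow.recipient_country} has no adequate level of protection")

    # Security of the transfer: encryption, key via a separate channel.
    if not flow.transfer_encrypted:
        findings.append("transfer not encrypted")
    elif not flow.key_separate_channel:
        findings.append("encryption key must travel via a channel separate from the package")

    for role in sorted(required_validations(flow) - flow.validated_by):
        findings.append(f"validation by {role} missing")
    return findings


if __name__ == "__main__":
    # Constructed sample record: personal data to a processor in India.
    sample = DataFlow("customer contacts", "processor", "India", True,
                      binding_clauses=True, transfer_encrypted=True,
                      validated_by={"CISO"})
    for gap in check_flow(sample):
        print("-", gap)
```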
Getting started
Recruit: Screen, RFI
Select: Vet, RFP, …
Employees: HR + line
External provider and/or staff: Procurement + sponsor
Sources to check:
http://kbopub.economie.fgov.be/
https://www.nbb.be/nl/balanscentrale
myownwebsite.be
…
Documenting
People onboarding, leaving, changing functions
Join (Contract): Documents, Onboard, Checklist, Assets / Access, Training
Execute: Training, Evaluation
Leave (Exit): Documents, Exit, Checklist, Retrieval
Change / Transfer
Employees: HR + line; HR + sponsor
External staff: Procurement
Data Export – Data Import
Data exporter: different capacities possible: controller or processor.
Data importer: different capacities possible: controller or (sub-)processor.
So: Controller → Controller; Controller → Processor; Processor → Processor
Add the geographic aspect.
Follow-up
Principles of Follow-Up
Periodic risk-based review of the relations (risk versus time).
Approaches: Informal (relationship management), Questionnaire, On Site Visit, Audit, Assurance
Useful Additional Information
Especially Relevant Policy Documents
• Outsourcing Policy
• Third Party Assessment Procedure
• Third Party Contracting Procedure
• Third Party Follow-up Procedure
• Secure Information Exchange Procedure
• Secure Development Policy
• JLT Procedure
• Joiner Checklist template
• Leaver Checklist template
• Transfer = Leaver + Joiner
(Sharepoint)
(Folder)
x:HROnboarding Docs
x:HROnboarding
x:HRLeavers
Especially Relevant Policy Documents
• Outsourcing Documents
• IS/DPP questionnaire
• Bodyshopping template
• IS/DPP Contract Schedule (basic)
• EU Standard Contractual Clauses
• Controller-to-Controller
• Controller-to-Processor
• Templates for specific situations (project “NDAs”, etc.)
(Sharepoint)
(Folder)
Relevant Points of Contact
- Input for the assessment: Project manager; Information Asset Owner (see Inventory)
- Sounding board and support on contracting: Legal (name)
- Sparring partner for follow-up: Information Asset Owner (see Inventory)
- Review of IS/DPP questionnaire answers: CISO (name); DPO (personal data) (name)
Processes
(add processes of JLT procedure)
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理F La
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理Airst S
 
Interpretation of statute topics for project
Interpretation of statute topics for projectInterpretation of statute topics for project
Interpretation of statute topics for projectVarshRR
 
Hely-Hutchinson v. Brayhead Ltd .pdf
Hely-Hutchinson v. Brayhead Ltd         .pdfHely-Hutchinson v. Brayhead Ltd         .pdf
Hely-Hutchinson v. Brayhead Ltd .pdfBritto Valan
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...Finlaw Associates
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理e9733fc35af6
 
ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the  indian constitution.ARTICLE 370 PDF about the  indian constitution.
ARTICLE 370 PDF about the indian constitution.tanughoshal0
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersJillianAsdala
 
一比一原版(Waterloo毕业证书)加拿大滑铁卢大学毕业证如何办理
一比一原版(Waterloo毕业证书)加拿大滑铁卢大学毕业证如何办理一比一原版(Waterloo毕业证书)加拿大滑铁卢大学毕业证如何办理
一比一原版(Waterloo毕业证书)加拿大滑铁卢大学毕业证如何办理e9733fc35af6
 

Último (20)

一比一原版(Warwick毕业证书)华威大学毕业证如何办理
一比一原版(Warwick毕业证书)华威大学毕业证如何办理一比一原版(Warwick毕业证书)华威大学毕业证如何办理
一比一原版(Warwick毕业证书)华威大学毕业证如何办理
 
ASMA JILANI EXPLAINED CASE PLD 1972 FOR CSS
ASMA JILANI EXPLAINED CASE PLD 1972 FOR CSSASMA JILANI EXPLAINED CASE PLD 1972 FOR CSS
ASMA JILANI EXPLAINED CASE PLD 1972 FOR CSS
 
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy NovicesIt’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
 
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
 
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
 
Navigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxNavigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptx
 
589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf
 
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
 
Interpretation of statute topics for project
Interpretation of statute topics for projectInterpretation of statute topics for project
Interpretation of statute topics for project
 
Hely-Hutchinson v. Brayhead Ltd .pdf
Hely-Hutchinson v. Brayhead Ltd         .pdfHely-Hutchinson v. Brayhead Ltd         .pdf
Hely-Hutchinson v. Brayhead Ltd .pdf
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
 
ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the  indian constitution.ARTICLE 370 PDF about the  indian constitution.
ARTICLE 370 PDF about the indian constitution.
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
一比一原版(Waterloo毕业证书)加拿大滑铁卢大学毕业证如何办理
一比一原版(Waterloo毕业证书)加拿大滑铁卢大学毕业证如何办理一比一原版(Waterloo毕业证书)加拿大滑铁卢大学毕业证如何办理
一比一原版(Waterloo毕业证书)加拿大滑铁卢大学毕业证如何办理
 

Training Procurement

  1. COMPANY IS/DPP Level-up Training Sessions: Procurement (date)
     - Classification: internal -

  2. “Level-up”
     In addition to the baseline training for all staff; applicable to specific staff, in this case: procurement officers.
     Why?
     - Procurement officers (help) manage the relationship with external parties in the organisation. They are the center of competence and (single) point of contact on the matter.
     - Therefore project managers are well-placed champions for IS/DPP.
     - The business (as usual) should be able to attract, contract and follow up the external relationship, which should (a) avoid working with untrustworthy counterparties, and (b) allow enforcement of compliance.

  3. YOUR MISSION, should you choose to accept it…
     Support, in and as the Business-As-Usual, the organisational aspect of IS/DPP by
     • acting as center of competence with regard to relationship management of external parties
       – selecting counterparties
       – contract negotiations
       – follow-up
     • screening & vetting candidates
     • documenting commitment
     • guiding (and triggering) follow-up

  5. Masters of the Process
     Select
     • RFI, RFP, BaFO
     • Questionnaires and questions
     Contract
     • Negotiations (need-to-have v nice-to-have)
     • Risk acceptance (as the case may be)
     • Execution (and retention)
     Follow-up
     • Informal: “wine and dine”, relationship management, …
     • Formal: questionnaires, audit, …
     • Special: rights of data subjects (e.g. rectification, block)

  6. External Parties
     (Diagram: COMPANY and the group procurement function in the center, surrounded by Clients, Vendors, Service Providers (SP) and Sub-processors.)
     1. Confidentiality
     2. Personal Data: DP schedule
     Enforcement

  7. Personal Data Protection: Different Levels
     • Internal
     • Processor in a “safe country”
     • Processor in an “unsafe country”

  8. Internal (FYI)
     Concentric circle controls
     1. Perimeter control: controlled access to the buildings, e.g. zoning on a risk basis, security alarms, locked doors, surveillance cameras, security guards (day/night), entrance controls (badge, biometrics, …), identified and guided visitors
     2. Network control: controlled access to the network, e.g. firewalls, virus scans (incl. malware, spyware, …)
     3. Server access control: zoning on a risk basis, monitoring (high-level permanent/sample or exception-based periodic)
     4. Secure data deletion: shredders, instructions, waste baskets, …
     5. Data loss prevention
     Summary of controls (table reused from “DP training for legal and quality”, 24 November 2014, slide 8):
     • Equipment access control: deny unauthorised persons access to data-processing equipment used for processing personal data
     • Data media control: prevent the unauthorised reading, copying, modification or removal of data media
     • Storage control: prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data
     • User control: prevent the use of automated data-processing systems by unauthorised persons using data communication equipment
     • Data access control: ensure that persons authorised to use an automated data-processing system only have access to the data covered by their access authorisation
     • Communication control: ensure that it is possible to verify and establish to which bodies personal data have been or may be transmitted or made available using data communication equipment
     • Input control: ensure that it is subsequently possible to verify and establish which personal data have been input into automated data-processing systems and when and by whom the data were input
     • Transport control: prevent the unauthorised reading, copying, modification or deletion of personal data during transfers of personal data or during transportation of data media
     • Recovery: ensure that installed systems may, in case of interruption, be restored
     • Reliability & Integrity: ensure that the functions of the system perform, that the appearance of faults in the functions is reported and that stored data cannot be corrupted by means of a malfunctioning of the system
     [Insert policy overview / visualisation]

  9. Gradations of topo-risk
     Adequate level of protection (EU Commission decision): Argentina, Australia, Canada, Faeroe Islands, Guernsey, Isle of Man, Israel, Jersey, Switzerland, Uruguay, (USA)
     EEA: Norway, Liechtenstein, Iceland
     No adequate level of protection:
     - Contractual clauses
     - Other

  10. Processor in a “safe” country
     Part of the selection process: sufficient guarantees on measures with regard to the data processing operation
     Binding clauses:
     - Processors only act on instruction of the controller
     - Legal requirements of internal measures must bind the processor
     Follow-up: ensure compliance with measures with regard to the data processing operation
     OR NOT, if you have a template

  11. Processor in an “unsafe” country
     Reference is made to the legitimacy topic.
     The controller adduces adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights which are authorized under applicable (national) law.
     Same as other processors: binding clauses
     Specific basis for legitimacy: Balance test / Legal requirement / Implied consent / Explicit consent / limited / SCC

  12. Screening & Vetting
     Internal staff = HR
     External staff = [insert]

  13. Layers & Dimensions
     Layers: Environment, Physical, Human, Device, Network, Application, Data, Repository, Carrier; dimension: 3rd Parties
     Changes
     • In the regulatory environment
     • In processes
     • In people (JLT)
     • In technology
     We are going to give this person access to
     - our premises?
     - our network?
     - our devices?
     - our applications?
     - our data?
     - …

  14. Input: Risk Assessment (Privacy Impact Assessment)
     • Data set and data flow description
     • Risk mitigating / sharing measures (as foreseen)
       – Technical measures (+ point of contact)
       – Organisational measures: documented (a.o. who can/should have access?); communication/training/awareness [plan]
     • Residual risk acceptance (if any, may come after negotiations)
     • Risk assessment (different versions): before “outsourcing” (legacy = absent) and after “outsourcing”

  15. Document: Data Sets (first 3 criteria)
     • Source of the data: objective / subjective; data subject / generated ourselves / 3rd party / …
     • Purpose for the data: credit review, AML screening, profiling, contact in execution of agreement, marketing, segmentation, …
     • Data subject: customer, cardholder, prospect, candidate, staff member, contact at supplier, contact at corporate customer, …
     • Data fields: free fields (name, address, free comment, meeting report, …); dropdown lists (country, title, status, …)
     • Special categories of data: financial data, card data (PCI), …; data relating to race, ethnic origin, (political, philosophical, religious) beliefs, trade union membership, sexual life; health data / judicial data (related to litigation, criminal sanctions, presumptions of criminal facts, …)
     • (Estimated) volume: by number of data subjects, by number of data fields per data subject, …

  16. Document: Risks
     • Data classification: give the full data classification per data set.
     • Risks identified: what risks were identified in terms of the different layers of information security and data protection?
     • Qualitative measure of the risk: likelihood x impact
     • Quantitative measure of the risk (if possible): more detailed calculations based on statistical models (e.g. Monte Carlo)
     • Validation by CISO: the CISO has to validate all information risk assessments.
     • Validation by DPO (for personal data): the DPO has to validate all personal data related risk assessments.

  17. Document: Risk Approach
     • Risk mitigating measures: for every risk identified, the mitigating measures, technical and/or organisational (incl. first line controls).
     • Risk sharing measures: for every risk identified, if applied, the risk sharing measures: agreements, insurances, etc.
     • Residual risk: for every risk identified, the residual risk (incl. assessment in terms of likelihood and impact).
     • Comparison to 1st risk assessment: preferably visually (matrix)
     • Validation by CISO: the CISO has to validate all information risk approaches.
     • Validation by DPO (for personal data): the DPO has to validate all personal data related risk approaches.
     • Residual risk acceptance (if any): the decision by the ExCo or, as the case may be, a steering committee to which the project follow-up was delegated. New risk acceptance or measures, if and when the risk assessment has shown a change in risk profile. → Escalate via CISO or DPO

  18. Document: Data Flows
     • Data set transferred: see data set for further detail
     • Source of the data: in principle the repository you are responsible for as Information Asset Owner
     • Recipient of the data: within company / between GROUP companies / third party (processing on COMPANY’s behalf) / third party (processing on own behalf)
     • Purpose for use by the recipient: to allow alignment with the original purpose and fitness of the data set
     • Operational description of transfer: automatic or manual intervention, format (xls, xml, CODA, …), channel, frequency of the transfer, …
     • Security of the transfer: measures taken to ensure the secure transfer, both technical (e.g. encryption) and organisational (e.g. double channel for transfer of package and key)
     • Assurance by recipient: to keep the data secure and confidential, not to use the data for other purposes than described, not to further transfer the data, to update the data at request of the IAO, …
     • Validation: by CISO (always) and DPO (personal data)

  19. Getting started
     Recruit: • Screen • RFI
     Select: • Vet • RFP
     …
     Employees: HR + line
     External provider and/or staff: Procurement + sponsor
     Sources: http://kbopub.economie.fgov.be/ , https://www.nbb.be/nl/balanscentrale , myownwebsite.be, …

  21. People onboarding, leaving, changing functions
     Contract (Join): • Documents • Onboard • Checklist • Assets / Access • Training
     Execute (Change / Transfer): • Training • Evaluation
     Exit (Leave): • Documents • Exit • Checklist • Retrieval
     Employees: HR + line
     External staff: Procurement / HR + sponsor / -

  22. Data Export – Data Import
     Data exporter: different capacities possible: controller or processor.
     Data importer: different capacities possible: controller or (sub-)processor.
     (Diagram: exporter/importer combinations, e.g. Controller → Controller, Controller → Processor.)
     Add the geographic aspect.

  24. Principles of Follow-Up
     Periodic risk-based review of the relations.
     (Diagram: approaches plotted against risk and time) Informal: relationship management; Assurance: questionnaire; On-site visit; Audit.

  26. Especially Relevant Policy Documents
     • Outsourcing Policy
     • Third Party Assessment Procedure
     • Third Party Contracting Procedure
     • Third Party Follow-up Procedure
     • Secure Information Exchange Procedure
     • Secure Development Policy
     • JLT Procedure
     • Joiner Checklist template
     • Leaver Checklist template
     • Transfer = Leaver + Joiner
     (Sharepoint) (Folder): x:\HR\Onboarding Docs, x:\HR\Onboarding, x:\HR\Leavers

  27. Especially Relevant Policy Documents (continued)
     • Outsourcing Documents (Sharepoint) (Folder)
       – IS/DPP questionnaire
       – Bodyshopping template
       – IS/DPP Contract Schedule (basic)
       – EU Standard Contractual Clauses: Controller-to-Controller, Controller-to-Processor
       – Templates for specific situations (project “NDAs”, etc.)

  28. Relevant Points of Contact
     • Input for the assessment: Project manager; Information Asset Owner (see Inventory)
     • Sounding board and support on contracting: Legal → (name)
     • Sparring partner for follow-up: Information Asset Owner (see Inventory)
     • Review of IS/DPP questionnaire answers: CISO → (name); DPO (personal data) → (name)

  29. Processes
     (add processes of JLT procedure)

Editor's Notes

  1. Source: Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, http://eur-lex.europa.eu/Notice.do?val=485881:cs&lang=en&list=485860:cs,485859:cs,485881:cs,485858:cs,485857:cs,485856:cs,485855:cs,485880:cs,485879:cs,&pos=3&page=1&nbl=9&pgs=10&hwords=&checktexte=checkbox&visu=#texte
     (a) deny unauthorised persons access to data-processing equipment used for processing personal data (equipment access control);
     (b) prevent the unauthorised reading, copying, modification or removal of data media (data media control);
     (c) prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data (storage control);
     (d) prevent the use of automated data-processing systems by unauthorised persons using data communication equipment (user control);
     (e) ensure that persons authorised to use an automated data-processing system only have access to the data covered by their access authorisation (data access control);
     (f) ensure that it is possible to verify and establish to which bodies personal data have been or may be transmitted or made available using data communication equipment (communication control);
     (g) ensure that it is subsequently possible to verify and establish which personal data have been input into automated data-processing systems and when and by whom the data were input (input control);
     (h) prevent the unauthorised reading, copying, modification or deletion of personal data during transfers of personal data or during transportation of data media (transport control);
     (i) ensure that installed systems may, in case of interruption, be restored (recovery);
     (j) ensure that the functions of the system perform, that the appearance of faults in the functions is reported (reliability) and that stored data cannot be corrupted by means of a malfunctioning of the system (integrity).
  2. When personal data is transferred to another country, the controller must ensure an adequate level of protection for personal data or take appropriate compensating measures. An adequate level of protection is considered to be ensured when:
     - the recipient country is an EU Member State, Norway, Liechtenstein or Iceland;
     - the recipient country is a country on which the EU Commission has decided that it provides an adequate level of protection in the context of the Personal Data Protection Directive;
     - the agreement with the recipient contains standard contractual clauses on which the EU Commission has decided that they offer sufficient safeguards (more information can be found on the website of the Article 29 Working Party: http://ec.europa.eu/justice_home/fsj/privacy/thridcountries/index_en.htm);
     - the agreement with the recipient contains contractual clauses where the controller adduces adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights which are authorized under applicable (national) law.
     Only when it is not reasonably possible to ensure an adequate level of protection, the controller has to take reasonable measures to inform the data subject and ensure that:
     - the data subject has given his consent unambiguously to the proposed transfer; or
     - the transfer is necessary for the performance of a contract between the data subject and the controller; or
     - the transfer is necessary for the implementation of pre-contractual measures taken in response to the data subject's request; or
     - the transfer is necessary for the conclusion of a contract concluded in the interest of the data subject between the controller and a third party; or
     - the transfer is necessary for the performance of a contract concluded in the interest of the data subject between the controller and a third party; or
     - the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims; or
     - the transfer is necessary in order to protect the vital interests of the data subject; or
     - the transfer is made from a register which according to laws or regulations is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate legitimate interest, to the extent that the conditions laid down in law for consultation are fulfilled in the particular case.
  3. Article 17, 2-4 EU Directive 1995/46. The controller(s) must, where processing is carried out on his behalf, choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures. The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that:
     - the processor shall act only on instructions from the controller;
     - the obligations set out in paragraph 1 of Article 17, as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor.
     For the purposes of keeping proof, the parts of the contract or the legal act relating to data protection and the requirements relating to the measures referred to in rule 5.2 shall be in writing or in another equivalent form.
  4. Only when it is not reasonably possible to ensure an adequate level of protection, the controller has to take reasonable measures to inform the data subject and ensure that one of the grounds applies; the grounds are identical to those listed in the second part of note 2 (unambiguous consent, contract performance, pre-contractual measures, contract in the interest of the data subject, important public interest grounds or legal claims, vital interests of the data subject, or a public register open to consultation under the conditions laid down in law).