Guia Compliance Officer Quickly
I. 3. ISO 19600
• High level structure: (i) Context of the organization (ii) Leadership (iii) Planning (iv) Support (v)
Operation (vi) Performance evaluation (vii) Improvement
security roles and responsibilities. The Office 365 security policies address purpose, scope, roles,
responsibilities, compliance requirements, and required coordination among the various Microsoft
organizations providing some level of support for the security of Office 365. Office 365 security policies
contain rules and requirements that must be met in the delivery and operation of Office 365. Office 365
employees and contingent staff are accountable and responsible for complying with these guiding principles
in their designated roles.
ISO 37001
Office 365 segregates duties and areas of responsibility to reduce opportunities for unauthorized use,
unintentional modification, or misuse of the organization’s assets. Office 365 teams have defined roles as
part of a comprehensive role-based access control mechanism. Additionally, each Office 365 team has
identified role pairs that, if assigned to a single person, would
However, Annex A to '27001 outlines a suite of information security controls that the management
system would typically be used to manage, provided they are in fact applicable to the organization (which
depends on its information security risks). The security controls in Annex A are explained in much more
detail in ISO/IEC 27002, and in various other standards, laws, regulations etc.
• have identified role pairs that would allow for malicious activity without collusion if assigned to a
single person
Computer Emergency Readiness Team (US-CERT) to ensure appropriate action can be quickly
taken and advice obtained when necessary. Office 365 relies on Microsoft's global criminal compliance and
Corporate, External, and Legal Affairs (CELA) teams for contacts with law enforcement. Roles and
responsibilities for managing and maintaining these relationships are defined.
• Ease of synchronization with different standards
• Possibility of integrating management systems, eliminating duplication
II.4. UNE 19601
• Certifiable standard
• Practical standard: committed to the structure of the Deming P-D-C-A cycle; it is not a project with
an end date
• Security in legal transactions within the supply chain
• Assessment in a judicial procedure of the need for a culture of compliance
a. Leadership
• Chapter 5
• Art. 5.1.1 Governing Body
• Art. 5.1.2 Criminal Compliance Body
• Art. 5.1.3 Senior management
• 5.2 Compliance policy
• 5.3 Roles, responsibilities and authorities in the organization
5.1.1: GOVERNING BODY: 20 REQUIREMENTS - LEADERSHIP and COMMITMENT (executive decisions
that ensure the approval, application and effectiveness of the SGCP) - MUST:
• VALUES OF THE ORGANIZATION: Promote a culture of Criminal Compliance and act according to the
Legal Order
• CRIMINAL COMPLIANCE MANAGEMENT SYSTEM: ADOPT, IMPLEMENT, MAINTAIN, IMPROVE
• PROVIDE FINANCIAL, material and human RESOURCES
• APPROVE COMPLIANCE POLICY
• ENSURE SGCP EFFICACY: periodically review and modify as necessary
• CRIMINAL COMPLIANCE BODY: Establish and endow it with autonomous powers of initiative and control
- WILL OF THE ORGANIZATION: Ensure procedures for:
• Specifying how the will is formed
• Taking decisions
• Executing decisions
16-Apr-19
Compliance policy
• Compensation systems for compliance achievements
• Evaluations to employees before hiring
• Continuous training
• Continuous, open and adequate communication
• Visible recognition of the achievements of compliance management
• Ethical leadership. "Tone at the top"
• As a person's hierarchical responsibility in an organization increases, so do their visibility and
ability to influence the behavior of others.
b. Compliance Culture
• The behavior of the members of Senior Management shapes the behavior of the
rest of the individuals that make up the organization: visible, consistent and sustained commitment over
time to a common standard of behavior
• The business culture must be an element that positively influences the behavior and attitude of all
those who make up the organization: culture of compliance
Change perception detection and punishment
behaviors could entail the criminal liability of the legal person, given the specific
circumstances of the organization. Analysis: consists of analyzing the probability that they
materialize and what their consequences would be in that case. This analysis is what finally allows
criminal risks to be assessed. Valuation: consists of prioritizing criminal risks and, therefore, the resources
allocated to their prevention, detection and management, emphasizing those that pose a greater than
low risk.
c. The SGCP - Planning
The SGCP: Planning and operational control