Summary

Automated monitoring (GRC-POS-14) relies heavily on access to the many sources of application data required for providing the feeds.  It requires a rules based approach that can be applied at the source of the processing and this introduces significant complexities that interface technology can provide incrementally through this service.

Interface Technology Allows Granular Control of Data (Setting Up Rules Frameworks)

Having worked with large multinational companies in the past two decades, the issue of having a granular level of control of applications where personal information is being processed within an IT infrastructure that covers not only their own in-house operations, but those of third parties and those of their subsidiaries, has only recently been possible to tackle through harnessing advances in interface technology.

Control of Data Processing Risks

The need to protect personal information that is being processed within this environment due to legislation that has increased penalties and expectations of good business practices being in place means there is a need to understand where such processing represents a risk and control it accordingly.

Preparation Required

Our TP-RMS system provides the capability of linking to any application within the IT infrastructure described above where personal information is being processed. For this solution to be meaningfully applied, however, there is a need to categorise and classify personal information and to then apply a risk rating to pinpoint the applications and methods where rules need to be applied to manage this risk. This will prevent over-engineering of the solution.

Major Risks Requiring Rules

We have the expertise to assist clients in analysing their data and setting up the rules for achieving control of processing records at application level. The kind of major risks faced by clients that we focus on to develop these rules include the following:

  • Control of portable data leaving the secure it environment;
  • Applying rules to control records and fields at the application level anywhere that personal information (pi) is being processed where a significant risk exists due to the nature of the processing; and
  • Controlling records and fields at the application level where PI is being processed by third parties and where a significant risk exists.

Application of Rules

Where these rules are applied to our TP-RMS system, it provides search engine capabilities that are able to harness the power of having interfaces to all applications both in-house and at third parties that are processing PI. This allows for consolidated outputs and reporting on any combination of records that are linked and is invaluable for business or regulator reporting.

Building Reports from In-house and Third Party Data (Developing Consolidated Reporting for Business & Regulators)

We are able to offer clients the ability to build reports of any combination of records, or fields within records, wherever this data is located in your own company’s systems, or the systems of third parties processing your records, where we have the interface technology in place through our Records Management Solution TP-RMS.

Legislation Creates the Need to Deliver a Solution

With the advent of legislation to control the processing of personal information, and serious penalties and reputational damage from being named and shamed by regulators, there has been a need to find solutions for companies needing to control data.

The Challenge to Solve

This challenge in its most complex form for a company responsible for processing PI in-house and by its third parties is about control of transactional level processing across different platforms owned by different parties using different applications resulting in a widespread landscape of numerous repositories holding personal information.

Advanced Integration Technology

Using the most advanced integration technology, we have made it possible for companies to access these repositories and control them using best practices in information security and governance.

A New Era of Business Intelligence

This has opened the door to previously inaccessible data and introduced a whole new era of reporting through the ability to view repositories and generate powerful intelligence. We can develop reports for business or to meet regulatory requirements that are only limited in content by the extent to which authority is granted to access these repositories through our integration technology and the ability of the client to design the content required for our development team.

Building Reports Within TP-RMS

Our report building service is directly linked to the FINDER module in our Records Management Solution TP-RMS. Further details on this solution can be found on our website under this menu selection.

Request for Information

Should you wish to find out more about this or any of our other Portfolio of GRC Services or Solutions, please don’t hesitate to give us a call or email us.  Our details can be found at the bottom of this screen or under Contact on the main menu.