Setting Up Rules Frameworks

Interface Technology Allows Granular Control of Data

Having worked with large multinational companies in the past two decades, the issue of having a granular level of control of applications where personal information is being processed within an IT infrastructure that covers not only their own in-house operations, but those of third parties and those of their subsidiaries, has only recently been possible to tackle through harnessing advances in interface technology.

Control of Data Processing Risks

The need to protect personal information that is being processed within this environment due to legislation that has increased penalties and expectations of good business practices being in place means there is a need to understand where such processing represents a risk and control it accordingly.

Preparation Required

Our TP-RMS system provides the capability of linking to any application within the IT infrastructure described above where personal information is being processed. For this solution to be meaningfully applied, however, there is a need to categorise and classify personal information and to then apply a risk rating to pinpoint the applications and methods where rules need to be applied to manage this risk. This will prevent over-engineering of the solution.

Major Risks Requiring Rules

We have the expertise to assist clients in analysing their data and setting up the rules for achieving control of processing records at application level. The kind of major risks faced by clients that we focus on to develop these rules include the following:

  • Control of portable data leaving the secure it environment;
  • Applying rules to control records and fields at the application level anywhere that personal information (pi) is being processed where a significant risk exists due to the nature of the processing; and
  • Controlling records and fields at the application level where PI is being processed by third parties and where a significant risk exists.

Application of Rules

Where these rules are applied to our TP-RMS system, it provides search engine capabilities that are able to harness the power of having interfaces to all applications both in-house and at third parties that are processing PI. This allows for consolidated outputs and reporting on any combination of records that are linked and is invaluable for business or regulator reporting.

Request a call back

Should you wish to find out more about this or any of our other Regulatory Risk Services or Solutions, request a call back from one of our team by completing the Request form.