Achieving a Sustainable Level of Proficiency for Legislation, Standards and Policies
For the past two decades we have worked with large companies to implement new legislation and seen how they struggle when changes to this legislation are introduced much later and the records, people, process and system changes that were introduced originally cannot be traced and the change efforts have to start all over again with mapping and development of core information for resolving the gaps in compliance that were surfaced.
Change control framework
As a result, we developed an approach to regulatory change that incorporates a golden thread for change control throughout the process of introducing any new legislation, standards or policies that a company has to comply with. This golden thread is a framework of workstreams and requirements that are analysed and extracted by a change expert from the legislation, standard or policy being dealt with. Workstreams are logical groupings of work that provide the key for making sure a company can trace any requirement back to the organisational changes that were made.
Unique workstreams / requirements approach
So with this approach as the basis for our regulatory change work over the past decade, it means that all our training uses the same framework. The beauty of this is that, for example where new legislation is concerned, staff are not given a regurgitation of what is written in the act – typically what law firms provide – but a far more practical, user-friendly and function-based breakdown into its individual requirements and how they fit together into logical groupings of work.
Protection of personal information training
We have had our experts unpack the Protection of Personal Information (POPI) Act into a set of workstreams with 22 summary level and 86 detail level requirements that can be traced back to each applicable clause in the Act. We have developed this content for carrying out assessments on POPI (see our T-GRCS solution where the ASSESS module is covered) and for developing a set of training modules on our T-RTS training platform that include The Complete Guide to the Protection of Personal Information Act and various advanced modules that incorporate customised details per client. Further details on these modules are provided below.
The Complete Guide to the Protection Of Personal Information Act
A comprehensive training programme targeting all staff dealing with the processing of personal information in a company. It provides insights into the full content of the Act at a basic level. It also provides learners with the ability to reference further details on any aspect of the Act covered during the training via the workstream/requirements framework used.
The main features of the course are as follows:
It costs R1250.00 (excl. VAT) per person to register on our website and gain access to the training material.
The course is two hours in duration and is made up of 10 modules covering:
- Course Introduction & POPI Challenges
- The Four Main Focus Areas
- Workstreams and Requirements
- Data Subject Servicing
- Records Management
- Third Party Processing
The course is accompanied by a 69-page POPI Reference Handbook that follows the content of the 10 modules and provides detailed extracts from the legislation.
The fee also gives you access to this material to use as often as you like for a 12-month period – we believe POPI is too vast to absorb in one session!
Where companies require more than one person to do the course, our training platform generates emails with login details per staff member through our bulk registration process. Further details about this can be obtained by requesting a call back using the Request Form in the sidebar or making contact with us via the details provided on the Contact page.
To register for this course, or to see a video that provides an overview of the content, click on the E-Learning button below.
Governance and training requirements for dealing with the Protection Of Personal Information Act
An advanced training module targeting management who are responsible for the processing of personal information in a company. The course provides detail on every aspect of the Act that relates directly or indirectly to governance, along with a framework and best practices for dealing with sustainable compliance with the legislation.
Records management requirements for dealing with the Protection Of Personal Information Act
An advanced training module targeting IT and business owners of records containing personal information who are responsible for controlling what happens to these records in the company. The course provides detail on every aspect of the Act that relates directly or indirectly to records management, along with insights for designing approaches for solving the key records management challenges arising from the Act.
Data subject disclosures and servicing requirements for dealing with the Protection Of Personal Information Act
An advanced training module targeting IT and business owners of records containing personal information who are responsible for servicing the three categories of data subject in any organisation, namely staff, suppliers and clients or any categories of individuals within these groupings. The course provides detail on every aspect of the Act that relates directly or indirectly to disclosures to, and servicing requests from, data subjects, along with insights for designing approaches for solving the key challenges with data subjects arising from the Act.
Security and third party processing requirements for dealing with the Protection Of Personal Information Act
An advanced training module targeting IT and managers of third parties who are responsible for contracting suppliers that process personal information on behalf of the company. The course provides detail on every aspect of the Act that relates directly or indirectly to security of records containing PI, and to third parties processing such records on behalf of the company, along with insights for designing approaches for solving the key challenges with these areas arising from the Act.
Sustainable compliance with T-RTS
The longer term problem
Having the right training material to give to your staff is not going to solve the longer term problem of sustainable compliance. If you look at the input from regulators it is clear that a lot of emphasis is placed on job specific training where staff need to know what to do with regards to regulatory compliance on an ongoing basis.
What the training strategy must include
This means companies must have a sound strategy regarding their training and this has to deal with challenges that include:
- An ongoing and demonstrable level of proficiency by staff with subject matter that covers a broad spectrum of regulatory requirements;
- The need to ensure new staff are competent to perform their duties taking into consideration their regulatory compliance obligations at the outset;
- Keeping staff up to date and providing appropriate refresher training to maintain an acceptable level of proficiency in the workplace;
- Keeping the training material up to date and ensuring its effectiveness; and
- Being able to attest for each legislation, standard and policy, to the level of proficiency being achieved for all identified key job roles against set proficiency levels.
T-RTS provides a regulatory training solution that addresses these issues. In a nutshell it is a platform that contains all the training material that can be accessed readily by individuals at their workstations. It comprises a learning, testing and reporting set of modules that ensures a hassle free system for managing the delivery of a set level of proficiency on any legislation, standard or policy that a company decides to incorporate in the system.
The system will generate reports on the tests conducted by attendees of any course on the system and will allow, through a controlled process, the repeat of any course and/or test to ensure a minimum proficiency level is achieved by each learner.
Providing training material
TOSMS provides the service of developing the training content for any piece of legislation, standard or policy that a company decides is important to manage via T-RTS (see GRC Services). It will provide this material using the workstream/requirements framework as a standard to dovetail with the T-GRCS approach to organisational change that relies on this framework.
Providing training and E-learning
Not only does TOSMS develop training content on behalf of clients, they also have their own specific regulatory training programs that are available in online and workshop formats.
Integration with T-GRCS
The regulatory compliance and regulatory training solutions, T-GRCS and T-RTS respectively, that are provided by TOSMS are intended to work together as it is not possible for the one to achieve a sustainable outcome without the other. However clients may use either solution independently of the other as they are able to operate without any form of integration being provided.
Request a call back
Should you wish to find out more about this or any of our other Regulatory Risk Services or Solutions, request a call back from one of our team by completing the Request form.