SGCMF©10002:2018
SGCMF©10002:2013 LEVEL 1 | AUDITOR DATABASE & PRIVACY MANAGEMENT
8-hour course + learning test
THE TRAINING COURSE
Internal Auditing has acquired a major role in the proper management of corporate governance and compliance rules, including mandatory ones. Monitoring of business processes ensures their proper functioning and stimulates their improvement.
The course considers all aspects of the proper management of the processes governing the establishment, management and compliance of medical records, and provides the necessary tools to carry out the internal Audit activity while ensuring an efficient control system. The Standard SGCMF©10002:2013 provides the requirements for managing the compliance of personal data of persons qualified to prescribe drugs, collected during the activity of Advertising, as indicated by the combined provisions of Legislative Decree 219/06 Title VIII (DIR 2001/83/EC) and Legislative Decree 196/03 Part I (DIR 1995/46/EC); the objective of the specification is the safeguard, availability and evaluation of accuracy of the information collected and managed. The new features introduced by the new European Data Protection Regulation will also be analyzed.
OBJECTIVES
The purpose of the course is to provide the knowledge necessary to conduct Internal Audits of the Database Management Systems of the health care facilities visited, with proper regard for data protection regulations. Participants will acquire the skills necessary for proper risk assessment related to information processing, analysis of recurring nonconformities, and applicable security controls.
TO WHOM IT IS ADDRESSED
- Compliance/Legal manager
- Data Protection officer
- Personal Data Processors
- CRM manager/SFE manager
MINIMUM REQUIREMENT
- Basic knowledge of d.lgs. 196/03 and d.lgs. 219/06
REFERENCE STANDARDS
- SGCMF 10002:2013
- D.Lgs. 196/03
- Legislative Decree 219/06
- UNI CEI EN ISO/IEC 17065
- UNI EN ISO 19011:2012
- UNI EN ISO 9001:2008
LECTURE
The course is taught by faculty with specific experience in managing systems, processes and procedures related to the handling of data contained in corporate databases in accordance with current Data Protection regulatory requirements.
TEACHING MATERIALS
Educational notebook containing:
- Guarantor measures with impact area (pharma)
- Slides projected during the course
PROGRAM
9:00-13:00 | MODULE 1
• Course objectives
• SGCMF©10002:2013 certification scheme - PRD UNI EN ISO/IEC 17065:2012
• Data processing:
• Fundamental principles of the treatment ex art. 11 d.lgs. 196/03
• Mishandling of personal data: the damage ex art. 15 and the reversal of the burden of proof
• The treatment of data in the activity of scientific medical information
• The activity of the Internal Auditor: purposes and functions
• The conduct of an audit
13:00: Light Lunch
14:00-17:30 | MODULE 2
• Practical application of principles and case histories
1. Measures of the Supervisory Authority
2. Sanctions
3. Findings of system audits at companies
4. Case studies for individual areas
• Compliance/Legal
• Sales Force effectiveness/CRM
• IT
• Training
• Conferences/Experimentation
17:30 Final Test
18:00 End of work
TO WHOM IS IT ADDRESSED?
- Privacy consultants
- Internal auditor
- DPO
- Legal
- HR Manager
BASIC KNOWLEDGE
- Basic knowledge of Legislative Decree 196/03
- Basic knowledge of EU Reg. 2016/679
TEACHING MATERIAL
- EU-GDPR Regulation 2016/679
- ISDP Guidelines
- Scheme ISDP©10003:2015
- Subscribing to the private Linkedin group 'Privacy Observatory EU GDPR'
- Slides projected during the course
TEACHERS
The teachers are qualified professionals of inVeo Ltd.
LEARNING TESTS
Multiple-choice written test*
* Should the test not be passed, it will be possible to take it after 30 days in online mode
SGCMF©10002:2013 LEVELS 2-3 | AUDITOR DATABASE & PRIVACY MANAGEMENT
16-hour course + learning test
THE TRAINING COURSE
The SGCMF©10002:2013 Standard aims to safeguard, make available, and assess the accuracy of personal information of prescribers collected and managed for corporate uses related to drug advertising. Conducting proper and comprehensive internal auditing enables organizations to set up effective monitoring of business processes to maintain the oversight of privacy compliance related to the management of physician records. The delicate transitional period related to the approval of the European regulations (EU GDPR 2016/679) requires appropriate assessments of the implementation of internal processes that can enable companies to reach May 25, 2018 in full compliance and with efficient control systems.
OBJECTIVES
The aim of the course is to deepen the techniques and logic for conducting Internal Audits on the Database Management Systems of the visited healthcare facilities, with proper regard for data protection regulations, so that participants acquire the skills necessary for a correct assessment of the risk related to the processing of information. Level II of the Auditor database & privacy management course aims to analyze the most specific critical issues in the sector, starting from an in-depth study of the most significant real cases and the most recurrent nonconformities, and to allow complete learning of internal auditing techniques. It will also allow practitioners to acquire the skills useful for managing the transition between the current norm and the application of the EU Regulation GDPR 2016/679, with a particular focus on the Accountability principle, under which the Data controller is called to demonstrate that he/she performs his/her tasks through serious, tangible, solid, transparent methodologies that uphold the dignity of and respect for the individual.
TO WHOM IT IS ADDRESSED
- Compliance/Legal manager
- Data Protection officer
- Personal Data Processors
- CRM manager/SFE manager
MINIMUM REQUIREMENT
- Participation in database auditor & privacy management course - Level I
- Basic knowledge of d.lgs. 196/03 and d.lgs. 219/06
REFERENCE STANDARDS
- SGCMF 10002:2013
- D.Lgs. 196/03
- Legislative Decree 219/06
- UNI CEI EN ISO/IEC 17065
- UNI EN ISO 19011:2012
- UNI EN ISO 9001:2008
LECTURE
The course is taught by faculty with specific experience in managing systems, processes and procedures related to the handling of data contained in corporate databases in accordance with current Data Protection regulatory requirements.
TEACHING MATERIALS
Educational notebook containing:
- Guarantor measures with impact area (pharma)
- Slides projected during the course
MODULE 2
THE PROGRAM
9:00-9:30 a.m. - Registration and Coffee
9:30-13:00
The work of the internal auditor: where we left off and objectives of Module II
- Entry into force of the new European Regulation
- Transition of legislation: D.Lgs. 196/03 code to EU Reg. 2016/679
SGCMF©10002:2013 Certification Scheme
- Process audits on the database: operational audits
- Accuracy and updating of data
- Univocity
- Relevance and non-excessiveness
- Minimization
13:00: Light Lunch
14:00-18:00
- System audit on plant policies and business procedures
- Appendix A scheme SGCMF©10002:2013
- Owner's responsibility and treatment design
- Management of medical records for scientific medical information activities
- Treatment security measures
- Access requests, corrections, and deletions
- Training
Guidelines for Conducting Management System Audits (UNI EN ISO 19011)
18:00 End of work
MODULE 3
THE PROGRAM
9:00-9:30 a.m. - Registration and Coffee
9:30-13:00
The certification process in companies
Audit findings: degree of Nonconformity
- Data non-compliance
- Minimization of collection
- Privacy by default and by design
- Management Awareness
- Education and training of appointees
- Intellectual Property and Ownership
- Relationships with third parties
- Risk assessment of data processing
- Impact assessment for profiling
- Information Release and Consent Collection Procedures
- Right to know - Need for feedback
- Notification and data transfer abroad
- Treatment security measures
13:00: Light Lunch
14:00-16:30
Corrective actions and practical applications
Case studies
16:30-17:30
Final Test (multiple-choice and practical cases)
18:00 End of work