SGCMF©10002:2013 LEVEL 1 | AUDITOR DATABASE & PRIVACY MANAGEMENT

8 hour course + progress test

THE TRAINING COURSE
Internal Auditing has assumed a role of primary importance in the proper management of Corporate Governance and Compliance rules, including binding ones.
Monitoring corporate processes guarantees their proper operation and stimulates their improvement.
The course, which takes into consideration the set of issues tied to the proper management of those process that regulate the creation, management and compliance of medical archives, provides the tools necessary to carry out the internal audit activity, guaranteeing an efficient control system.
The SGCMF©10002:2013 standard provides the requirements of a system to manage compliance of personal data of subjects authorised to prescribe drugs and which is collected during advertising activities, as indicated in the combined provisions of Italian Legislative Decree 219/2006, Title VIII (DIRECTIVE 2001/83/EC) and Italian Legislative Decree 196/2003, Part I (DIRECTIVE 1995/46/EC); the objective of the policy is the protection, the availability and the precision of the information collected and managed.
New aspects introduced by the European Regulation on Data Protection will also be analysed.

OBJECTIVES
The course aims to provide the knowledge needed to carry out an internal audit – using the correct view of the regulations on data protection – of Database Management Systems that contain information on medical and hospital appointments.
The skills needed for a correct assessment of risk relative to processing information, to analysing recurrent non-conformities and to the applicable security controls, will be taught.

TARGET AUDIENCE

  • Compliance/Legal Managers
  • Data Protection Officers
  • Data Processors of personal data
  • CRM Managers/SFE Managers

MINIMUM REQUIREMENTS
Basic knowledge of Italian Legislative Decree 196/2003 and Italian Legislative Decree 219/2006

REGULATIONS OF REFERENCE

  • SGCMF 10002:2013
  • Italian Legislative Decree 196/2003
  • Italian Legislative Decree 219/2006
  • UNI CEI EN ISO/IEC 17065
  • UNI EN ISO 19011_2012
  • UNI EN ISO 9001_2008

TEACHING
The course is given by teachers with specific experience in management systems, processes and procedures related to processing data held in corporate databases in compliance with the statutory requirements of existing Data Protection regulations

TEACHING MATERIAL
Teaching notebook containing:

  • The Authority's provisions affecting the area of reference (pharma)
  • Slides shown during the course

THE PROGRAMME
9:00-13:00 | MODULE 1

• Course objectives
• SGCMF©10002:2013 – PRD UNI EN ISO/IEC 17065:2012 certification scheme
• Processing data:
• Fundamental principles of processing data as per article 11 of Italian Legislative Decree 196/2003
• Improper processing of personal data: damage as per article 15 and the inversion of the burden of proof
• Processing data as part of the detailing activity
• The Internal Auditor's task: aims and functions
• Conducting an audit

13:00: Light Lunch

14:00-17:30 | MODULE 2
• Practical application of the principles and case histories
1. The Authority's provisions
2. Penalties
3. Assessment of system audits in companies
4. Case studies by individual area
     • Compliance/Legal
     • Sales Force effectiveness/CRM
     • IT
     • Training
     • Conferences/Trials

17:30 Final test
18:00 Close

TARGET AUDIENCE

  • Privacy Consultants
  • Internal Auditors
  • DPOs
  • Legal teams
  • HR Managers

REQUIREMENTS

  • Basic knowledge of Italian Legislative Decree 196/2003
  • Basic knowledge of EU Regulation 2016/679

TEACHING MATERIAL

  • EU Regulation GDPR 2016/679
  • ISDP guidelines
  • ISDP©10003:2015 scheme
  • Membership to the private LinkedIn group, 'Osservatorio Privacy EU GDPR'
  • Slides shown during the course

TEACHERS

Teachers are all professionals who have been qualified by InVeo srl

PROGRESS TEST

Written, multiple choice test*

* If the candidate fails to pass the test, it can be retaken after 30 days, online.