Data and Information Governance
Several subjects and regulatory authorities as the European Parliament, FDA, EMA, AIFA have issued regulations or highlighted current guidelines which are focused on data treatment or on data integrity.
Further to data management and treatment, please refer to new Privacy Regulation (EU Regulation 2016/679), further to data integrity, please refer to tools and procedures, for example the 21CfrPart11, Annex11, the Sarbanes-Oxley Act, law 262/05, Best Practice of Segregation of Duties (Sod), and similar regulations to Best Practice which could guarantee a proper governance and compliance.
Some Companies are currently treating these applications with verticalized actions (Privacy, GMP, ecc) which will be implemented shortly and which will obtain an IT point of contact.
We can find regulations in every sector, determining “Rules and regulations regarding critical data treatment”.
Please note that some rules and regulations have a specific data referral instead of the sector referral. For this reason the impact will be a transversal one.
Some rules and regulations are highlighting the real need of an overall view for “CRITICAL DATA” management.
In such a contest, consisting in several IT systems, organizational companies and resources involved, Mazars should give a feedback in order to optimize and uniform the incoming actions.
The suggested approach is to face the problem with an organic method based on specific settings or on methodologic expertise (es: ISO, COBIT, ITIL).
Mazars has defined his own procedure, the “Compliance Maturity Model” in order to improve performance, support compliance system implementing practical solutions with respect to the nature of challenges.
Our specific capabilities, our methodologic expertise and our deep knowledge gives us the possibility to become the perfect partner for our clients.
The result of verification activities allows the client operation areas to be arranged on the Compliance Matrix.
This kind of positioning is able to identify which are the client weak points, which are the areas and the actions where a renovation and improvement is required.
The permanent support from Mazars during this phase is essential to evaluate and plan which remediation actions should be taken considering the background.
Deep experience in ICT Governance
Mazars Italia is able to support its clients in company test procedures like IT security, privacy, data management in IT systems (financial, business, GMP, personal data). Mazars Italia integrates the test procedure activities of the organization, of processes, of IT tools and of reporting in order to check the current status of the actions with respect to the national and international regulation requirements, and the Best Practice and sector standards.
Evaluation of Compliance level in order to define the improvement activities
- Efficiency/efficacy procedural test with respect to the regulations.
- Data localization/features with respect to the regulations.
- Efficiency/efficacy procedures test with respect to the regulations.
- Features/governance of IT systems test with respect to the regulations.
Support to complexity governance
- Definition of a governance strategy (the strategy does not only refer to a specific problem, but also to a centralized governance view of the problem).
- Definition of clear policies and procedures addressed to the governance of the problem (policy and procedure, further to ISO-27001) on a Quality level.
- Clear definition of governance processes for a correct management on ICT side (ITILv3).
- Definition of an inventory process and asset qualification in order to introduce a management methodology secured and monitored.
Supporting Tools: Data Integrity Assessment Tool
Mazars Italia has implemented several IT or methodologic tools in order to interact with clients for the provision of results and reports to share and use to support any decisions.
Deliverables and operation areas
- Definition of a data governance strategy (from inventory to management)
- Definition of a service list for a proper IT governance
- Safe management of data and information (policy and procedures)
- Definition of a Security Policy, based on a risk analysis and definition of actions/tools for the management of data and compliance information
- Definition of Change Management processes (roles, responsibilities, training,etc..further guideline ITILv3)
- Definition of processes and procedures for a proper IT system management (ITSM, ISMS)
- Certification of infrastructures for regulated environments (Implementation of a Change Management Process for Infrastructures)
- Remediation Plan (short-middle term actions) shared with the client in order to increase the compliance level and to obtain sustainable efforts and resources.
Want to know more?
GDPR: il nuovo regolamento europeo sulla privacy
Il 24 maggio 2016 è entrato in vigore il nuovo Regolamento UE 2016/679 (“il Regolamento”) in materia di protezione dei dati personali, denominato anche GDPR “General Data Privacy Regulation“ a cui le imprese dovranno adeguarsi entro il 25 maggio 2018.