Often, when it comes to a Privacy Program, compliance with the General Data Protection Law (LGPD) or Information Security Governance (IS), “packages” of normative documents (such as Policies, Standards, Procedures, Instructions and others) are offered, sold or desired.
The fact is that standardization through
These documents supports compliance with regulations, programs and laws from both the public and private perspectives. And support subsidizes the execution and continued execution, not as an db to data in itself, but to achieve the same objectives proposed by such regulations, programs and laws. However, I am by the frequency of the argument. To protect ourselves” that usually accompanies the indication of the need for these documents.
From the heyday of ISO 9001 to
Today’s integrity programs, appearing honest is important and reflects positively on one’s image 3 reasons why interactive content is a great resource for brand positioning in the finance sector credibility. But appearing honest is not enough when it comes to compliance, whether voluntary or mandatory. And, once again, I come back to people.
A privacy and data protection
Policy will only be relevant if it reflects the reality of the fair treatment of personal data and not a generic model. An information security management system will only be valid when it records the modus operandi of the chine directory to which it refers and not what it aspires to be. And also regarding people, if their work activities are not directly. To these guidelines, they need to about the parameters. That guide and regulated points that directly or indirectly involve their activities.