An organization's policies, procedures and manuals make up the set of internal regulations which tries to comply with and respect both current legislation and the values and principles that have been voluntarily assumed by Senior Management.
Objective of policies, procedures and manuals
They are considered as a preventive internal control mechanism, so its objective is nothing more than the prevention of a possible materialization of compliance risks. In this way, within organizations, we find policies, procedures and manuals that refer to different compliance domains: Confidentiality Policy, Personal Data Processing Policy, Money Laundering and Terrorist Financing Prevention Policy, etc.
These documents, in order to be effective, must be known, understood and respected by all members of the organization.
Differences between policies, procedures and manuals
An important aspect is the distinction between policies, procedures and manuals. While the former are more general in nature and contain broadly developed guidelines for action; The procedures contain a greater degree of detail. Finally, the manuals reach the maximum level of detail within this set of documents.
The Compliance function will be responsible for developing, publishing, monitoring and raising awareness about the need to know and comply with these policies, procedures and manuals. It is an essential requirement that these documents be approved by Senior Management of the organization.
As responsible for the set of policies, procedures and manuals, the Compliance function must adapt it to the characteristics of the organization, taking into account its activity, culture, objectives and corporate values and principles, in addition to, of course, being in harmony with current legislation.
Finally, another relevant element in relation to policies, procedures and manuals will be their review, updating and registration. It is generally accepted that these documents must be reviewed at least once a year, and updated if considered so. Obviously, a review and update of the documents will also be carried out unexpectedly. in the event that certain circumstances occur such as a regulatory or organizational change or the detection of non-compliance in the organization, among others. Regarding the record, as in all documents of the Compliance function, A complete and updated record and document management must be maintained. of all policies, procedures and manuals of the organization.
Training in this area will give you a lot of knowledge about data protection and compliance within an organization. With the Master in Compliance and Data Protection Management You will obtain the necessary skills.