Were you unable to attend our webinar Practical Workshop: Documenting Compliance policies and procedures? Don't worry, in this post we summarize the keys to this webinar and the aspects we address.
Maria Torres Robles, Compliance Team Leader at Management Solutions and member of the Senate Master in Compliance and Data Protection Management has accompanied us during this interesting event, in which we highlight the following conclusions:
• Compliance policies and procedures are a essential element of the QMS.
• He ultimate goal of this internal regulation is to inform all people in the organization of their risk activities, risk processes and what they should do or not do to minimize the materialization of risks.
• Between the normative documents We find standards of different levels, such as the code of ethics, policies, procedures and guidelines.
• To prepare a internal regulations must be attended to, first of all. to the principle of proportionality, which implies that it is manageable, does not lose its effectiveness, can be complied with by the entire organization and meets its characteristics.
• In the design phase, the legislation applicable to the company must be identified, define which Compliance obligations apply, identify compliance risks and establish the regulations to be designed, preparing a draft and defining the approval circuit to follow.
• He policy content It should include, among other points: the title, objectives, scope of application, a definitions section, the development of the policy, compliance monitoring, the consequences of non-compliance, contact for questions and change control. The language It must be simple, clear and practical and written in all the languages of the countries in which the organization operates.
• For the policy approval, a good practice is to define and record the approval circuit for the internal regulations to follow. The approval of Senior Management extends to high-level policies, and approval may rest with the Management of the area responsible for compliance for the rest of the policies and procedures.
• In dissemination and communication matters, a good practice is to demand the commitment to know and comply with the content of the internal regulations through ratification by signature of all people employed in the organization.
• The dissemination of internal regulations It must be promoted by Senior Management, through training courses, awareness-raising and specific communications that must be recorded and kept safe.
• Internal regulations must have easy access and quick location for all people employed in the organization.
• The review of the regulations must be periodic, at least once a year and, in any case, if necessary due to legislative changes, changes in the organizational structure, etc.
If you liked this webinar, follow us on Linkedin and stay informed of all our events. In addition, we recommend that you subscribe to our newsletter, so as not to miss any of our interesting posts.
