Self-assessment for Reliable Cash Register Quality Mark
|
|
- Milo Higgins
- 8 years ago
- Views:
Transcription
1 Secretariaat: ECP Postbus AG Leidschendam Self-assessment for Reliable Cash Register Quality Mark Version 0.3, 10 May 2012 The self-assessment is a questionnaire for producers and suppliers of cash registers on compliance with the standards. These standards are described in the document Norm voor een Betrouwbaar Afrekensysteem (Standard for a Reliable Cash Register). They have been set by the Provisional Participants' Council (Voorlopige Raad van Deelnemers) of the Reliable Cash Registers Foundation (Stichting Betrouwbare Afrekensystemen). The self-assessment provides the Reliable Cash Registers Foundation with information about the extent to which the cash register meets the standard for a reliable cash register. It also shows the possible risks involved. A score model is used to provide producers and suppliers of cash registers with insight into possible points of improvement. Quality demands continuous attention Producers of cash registers are aware of the fact that a growth strategy is required in order to continually improve the quality of the control measures and to obtain a higher score on the selfassessment. This is also necessary due to the strong increase in the number of (technical) features to influence the quality of the data. This threat must be dealt with at all times. The document 'Self-assessment for a Reliable Cash Register Quality Mark' is divided on the basis of the four control objectives stated in the document Standard for a Reliable Cash Register ( Norm voor een Betrouwbaar Afrekensysteem. The division into - chapters - paragraphs - key questions (in boxes) is in line with the document Standard for a Reliable Cash Register, as determined by the Provisional Participants' Council. The definitions used in this document have been laid down in a Standard for a Reliable Cash Register Each objective describes the following: - control objective. - description, the rationale (the why) - classification. - conformity requirements, the success criteria required in order to successfully complete the self-assessment. - explanatory questions. - score, which gives - for each standard - an overview of the scores obtained for each main question. - statement, which summarises the conclusion and confirms the applicant's opinion. The same format is used for all explanatory questions. This format has a number of fixed elements: - no.: the numbering of the questions for cash registers. The questions and numbering follow the division of Standard for a Reliable Cash Register. - questions: these must be answered in a concise and clear manner. - standard: criterion that a cash register must meet. 'Objective' explains the purpose of a Keurmerk Het Betrouwbare Afrekensysteem Page 1 of 40
2 standard that has been set. - description: explanation of the objective. - classification: describes the degree of effectiveness of the objectives within the selfassessment. This could be low, medium or high. The classification can be adjusted in a specific situation as a result of a risk analysis. Score You determine the degree of conformity on the basis of a score. This score is expressed in a percentage between 0 and 100. As an indication, we state the significance you can attach to five percentages. 100% excellent The measures are highly effective. Users are unable to circumvent the measures taken in the cash register. Nor outside the cash register. The measures have undergone extensive testing. 80% good The measures are effective. Users are unable to circumvent the measures taken in the cash register or are only able to do so with special efforts. The system contains sufficient measures in order to detect and identify a violation. 60% sufficient The measures taken are sufficiently effective. The cash register is, however, insufficiently able to prevent a conscious violation. 40% mediocre The measures taken are insufficiently effective. 20% poor The measures taken are incomplete and ineffective. N/A Not applicable. Each section contains guidelines on the basis of which a score is given. These guidelines are still being developed. If the measures taken meet all conformity requirements, this will result in a 100% score, or 'excellent'. This is the aspiration level. Keurmerk Het Betrouwbare Afrekensysteem Page 2 of 40
3 1. Record all events Control objective The cash register must record all events entered by the user as early as during the formalisation phase. The formalisation phase is the phase of the sale before it is formally concluded by means of a payment. Special events, such as discounts, returns, terminated transactions, withdrawals and training mode are characterised as such. This allows for an assessment of whether the transactions actually conducted have also been registered and paid in a correct, complete and timely manner. Explanation The cash register records the data of and on the sales transactions in detail. The data of and on incomplete sales transactions remain stored as well. NB: for the concept of 'event', this document uses the broad definition of actions and activities resulting in input or output in the cash register. A transaction falls under the concept of 'event'. Description, the rationale (the why) The cash register must record all relevant events. As a result, it will create an audit trail, which makes it possible to reconstruct reality afterwards. The presence of a relevant audit trail supports the correctness, completeness and timeliness of the transactions recorded. A cash register records both the data of a sales transaction and the data of an action or activity in the framework of the registration process. If the user records all actions in a cash register, including the data of the person conducting them, the cash register will record information that can be used by the user to control the business. This also offers the opportunity to assess the correctness and completeness of the recording of the actual activities afterwards. It also has a preventive effect. Data are recorded (and stored) before and independently from the fact whether the transactions are formally completed. Classification The classification shows the extent to which a cash register meets the objective to meet the standard which has been set for each question and detailed question. You state the score for each standard. Conformity requirements The cash register registers the data elements of the actions performed during the various processes (events also including transactions). These continue to be archived during the retention period. The cash register must not only record data. It must also offer the possibility to assess them. The cash register contains measures to protect critical data against unauthorised and undocumented changes. You must document the system of measures to protect the data against unauthorised changes. Explanatory questions By conducting the self-assessment, you form a picture of the extent to which the cash register meets the system of standards. The questions will help you with this. Keurmerk Het Betrouwbare Afrekensysteem Page 3 of 40
4 1.1. The cash register records events from the very beginning in a timely, complete and correct manner. This record continues to be available. No. Questions Objectives Classification Are all events recorded? Prevention of incomplete recording of transactions and revenue manipulation. High Which measures does the cash register contain in order to guarantee that all events are recorded? Which measures are taken in order to determine that all recordings have been fully processed? Examples are cross-checks, totals in daily reports and suchlike Which entry fields must be completed at least automatically or by the user? Does the cash register force the user to complete them? Keurmerk Het Betrouwbare Afrekensysteem Page 4 of 40
5 Of each event, does the cash register record the person who conducted it and the time when it was conducted? Does the cash register support the segregation of duties used within the user's organisation? Which possibilities does the cash register offer for showing at any desired moment the authorisations that are used? Does the cash register store the history? Which measures are taken in the cash register to record events in case of a power failure, computer breakdown, broken connection and suchlike? Keurmerk Het Betrouwbare Afrekensysteem Page 5 of 40
6 Keurmerk Het Betrouwbare Afrekensysteem Page 6 of 40
7 No. Questions Objectives Classification Which measures does the cash register contain in order to guarantee that the correct sales price is charged for all articles or services sold? Measures to improve a correct recording of transactions. Medium Which measures does the cash register contain in order to guarantee that the correct sales price is charged for all articles or services sold? Which measures guarantee that the cash register uses the correct calculation rules for each recording? No. Questions Objectives Classification Suppose the cash register consolidates transactions. Will the primary data remain stored in that case and will there be an audit trail? Primary data of transactions remain stored in detail. High Suppose the cash register consolidates transactions. Will the primary data remain stored in that case? And will there be an audit trail? Keurmerk Het Betrouwbare Afrekensysteem Page 7 of 40
8 Keurmerk Het Betrouwbare Afrekensysteem Page 8 of 40
9 Which functionalities does the cash register contain in order to remove transaction lines? And how does the cash register ensure that the changes can be assessed afterwards (audit trail)? Score Question Classification Conformity expressed in a percentage N/A High Medium High If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that the cash register records events from the very beginning in a timely, complete and correct manner. I also state that the data continue to be available. Keurmerk Het Betrouwbare Afrekensysteem Page 9 of 40
10 1.2. The cash register records transaction data right from the moment of selling of an article. No. Questions Objectives Classification Does the cash register record transaction data from the moment when the formalisation phase has been passed? Prevention of pilfering of values during the sales process. High Does the cash register record transaction data right from the moment of selling of any article of service? That is before the completion of the ticket by entering total, subtotal or void Suppose that during the process (before the subtotal button is pressed), it is decided not to purchase a product that has already been registered. What is recorded of this? Prevention of pilfering of values during the execution of the sales process. High Suppose that during the process (before the subtotal button is pressed), it is decided not to purchase a product that has already been registered. What is recorded of this? Keurmerk Het Betrouwbare Afrekensysteem Page 10 of 40
11 1.2.3 How are special events (such as discounts, returns, terminated transactions, withdrawals, personal use, free provisions, opening the till, training mode and suchlike) provided with a specific reference that cannot be changed? References of special transactions allow for checking the business process. High How are special events (such as discounts, returns, terminated transactions, withdrawals, personal use, free provisions, opening the till, training mode and suchlike) provided with a specific reference that cannot be changed? Score Quest ion Classificatio n High High High Conformity expressed in a percentage N/A If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that the cash register records transaction data from the moment when the formalisation phase has been passed. Keurmerk Het Betrouwbare Afrekensysteem Page 11 of 40
12 1.3. The cash register processes corrections without changing the original transaction. Incorrect transactions are not deleted. Changes are recorded by means of an audit trail to the original transaction. No. Questions Objectives Classification Does the cash register process corrections without changing the original transaction? Are incorrect transactions fully or partly processed as a reversal? Are additional changes recorded by means of an audit trail to the original transaction? The correctness of corrections can be audited. High How does the cash register record corrections? What can the user see of this in the recording? Suppose that corrections were made after a transaction has been concluded. Are these corrections processed without changing the original transaction lines and/or the total transaction? How can the corrections be traced back to the original transaction? Keurmerk Het Betrouwbare Afrekensysteem Page 12 of 40
13 Keurmerk Het Betrouwbare Afrekensysteem Page 13 of 40
14 Score Quest Classificatio ion n High Conformity expressed in a percentage N/A If relevant, you briefly state the improvements you will implement and the period within which you will do so. Statement I state that the cash register processes corrections without changing the original transaction. Incorrect transactions are not deleted. Changes are recorded by means of an audit trail to the original transaction. Keurmerk Het Betrouwbare Afrekensysteem Page 14 of 40
15 2. Integrity of recordings Control objective The cash register may not contain any functionality that affects the integrity of the recording. It processes all the data entered and records them in files, counters and reports. This is done in a way that shows the correct, on time and complete processing. The cash register does not support any functions that affect this objective. Explanation of this control objective: the cash register supports the processing of provable reliable information that allows the user to keep accounts that meet the statutory requirements. The cash register does not contain any functionality that can be used to change or delete recorded data without showing who is responsible for this, what was changed or deleted and when this was done. Are any changes made to the software of the cash register? In that case, you record who did this, what was changed and why and when this was done. If the user of the cash register has the possibility to change the cash register, the cash register will record the changes. These data must be archived for seven years. You adequately record the documentation of the functionalities of the cash register and of the changes thereto (version management). Description, the rationale (the why) The cash register may not contain any functionality that changes or deletes recorded data. Changes to the cash register by the producer or supplier must be recorded. Moreover, the various versions of cash registers must be stored. This makes it possible to reconstruct reality afterwards. The essence of this control objective is to determine the correctness and completeness of the recorded events. This prevents the unauthorised mutation of recorded data. Here, a distinction can be made between, on the one hand, using functionality within the cash register itself and, on the other hand, access the database outside the cash register. The architecture of the cash register partly determines the extent to which the measures are more or less aimed at data protection. Payment systems with architecture with embedded software and closed files require a different set of measures than cash registers whereby software and data are managed by on-line solution providers. Payment systems in an accessible PC automation environment require appropriate techniques in order to secure the data. Classification The classification shows the extent to which a cash register meets the objective to meet the standard which has been set for each question and detailed question. You state the score for each standard. Conformity requirements The functionalities and the changes thereto are documented. Keurmerk Het Betrouwbare Afrekensysteem Page 15 of 40
16 The software is protected against unauthorised changes. The recorded events must be correct and complete. It should be possible to audit the recorded events. Changes to recorded events are provably filed. The audit trail of changes is filed provable. Any (attempt) of access of the database from outside the cash register is detected and recorded. The cash register records changes to recorded events. It protects the data against unauthorised changes. Explanatory questions During the self-assessment, you answer questions with reference to the standards. The following questions can help you with this The cash register does not contain any functionality that can be used to change or delete recorded data without showing who is responsible for this, what was changed or deleted and when this was done. No. Questions Objectives Classification Does the cash register contain any functionality that can be used to change or delete recorded data without showing who is responsible for this, what was changed or deleted and when this was done? Recorded data cannot be changed or deleted. High Is it possible to change or delete data already recorded within the cash register? How is this managed? Is it possible to access the database outside the cash register? If so, is an external access (changes and/or deletions) of the database detected, recorded and reported by the cash register? How is this managed? Keurmerk Het Betrouwbare Afrekensysteem Page 16 of 40
17 Score Quest Classificatio ion n High Conformity expressed in a percentage N/A If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that the cash register does not contain any functionality that can be used to change or delete recorded data without showing who is responsible for this, what was changed or deleted and when this was done Changes to the software of the cash register are recorded. These changes (who made the change, what was changed, why and when) are stored during the retention period. No. Questions Objectives Classification Do you record changes to the software of the cash register? Do you store the documentation of these changes (who made the change, what was changed, why and when) for at least seven years? The cash register is maintained by officers authorised for this purpose. Changes are documented. High Keurmerk Het Betrouwbare Afrekensysteem Page 17 of 40
18 How is the history of the development of the cash register recorded? How is the software protected against unauthorised changes? Score Quest Classificatio ion n High Conformity expressed in a percentage N/A If relevant, you briefly state the improvements you will make and the period within which you will do so. Keurmerk Het Betrouwbare Afrekensysteem Page 18 of 40
19 Statement I state that changes to the software of the cash register are recorded. These changes (who made the change, what was changed, why and when) are archived during the retention period The documentation of the cash register is also part of the cash register. You use this to record data on the functionalities of the cash register. Moreover, you record data on changes to these functionalities (version management). No. Questions Objectives Classification Do you adequately record the documentation of the functionalities of the cash register and of the changes thereto (version management)? The documentation partly allows for assessing the reliability of the functioning of the cash register. High Are the functionalities of the cash register fully documented? Where is this documentation stored? How do you make sure that the documentation of the development of the cash register remains up-to-date and in accordance with the current version? How do you determine the product name and the version of the cash register? Keurmerk Het Betrouwbare Afrekensysteem Page 19 of 40
20 Keurmerk Het Betrouwbare Afrekensysteem Page 20 of Which possibilities does the cash register offer for showing at any time the modules it uses and used in the past? Which possibilities does the cash register offer for showing at any time the parameter settings it uses and used in the past?
21 Score Quest Classificatio ion n High Conformity expressed in a percentage N/A If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that the cash register contains an adequate documentation of the functionalities and the changes thereto (version management). Keurmerk Het Betrouwbare Afrekensysteem Page 21 of 40
22 3. Storing recordings Control objective Recordings are permanently stored. This applies to the data of trans actions, events, permanent and semi-permanent data. The information can be provided quickly and properly. Explanation of this control objective The cash register provides provable reliable information that allows the user to keep accounts that meet the requirement of auditability within a reasonable period. Recordings are archived during the retention period. The authenticity, auditability and integrity of the recordings are demonstrably guaranteed. Any violations of the authenticity and integrity of the recordings are prevented and actively detected. Description, the rationale (the why) Recordings are permanently stored and the information can be provided quickly and properly. The archiving of the data must be organised such that it is possible to establish afterwards that the data are a correct and sufficiently complete representation of reality. A reliable cash register gives a permanently reliable picture of the sales concluded in reality. It does so on the basis of the data on the sales transactions and the events, and on the basis of the related reports. For a proper operational management, these data must be recorded correctly in a cash register. First of all in order to be able to quickly and properly implement and, where possible, improve the business process of direct sales to consumers. But also in order to account for the operational management. The quality of the data must be sufficient so that they can have and continue to have evidential value. Data derive their evidential value from the degree to which they are indisputably correct, complete and timely. The degree of integrity, authenticity and auditability determines the indisputability and evidential value. The cash register contains measures in order to guarantee the evidential value. The functioning of the cash register is supervised during the execution of the process, but also after some time. For instance, an external accountant or the Tax and Customs Administration carries out the supervision after the end of the period in which the sales transactions have been recorded by means of the cash register. This control objective aims to have the quality of the recordings in the cash register keep its evidential value throughout the retention period. This way, the recording forms the basi s of a quick and proper audit. A cash register takes measures in order to give the data sufficient evidential value and to have these data keep this value throughout the retention period. An audit trail ensures that information in a report or file can be traced back to the data recorded in the cash register. The audit trail can also establish a link with related processes and events. For example, with accounts, payments, stock movements and management information systems that each have their own audit tra il. In the cash register, functions are included in the software in order to secure data and record changes. Appropriate techniques are used to protect the digital data against changes that cannot be audited properly and quickly. The definition of auditability is: the possibility to establish how information provision and its components are structured. The aim is to have a picture of reality that is as reliable as possible at the moment when the data are assessed. This is necessary in order to make the ri ght decision on the basis of the information presented. Keurmerk Het Betrouwbare Afrekensysteem Page 22 of 40
23 Information must be provided properly and quickly. The aim of the requirement of auditability within a reasonable period is to keep the completion time of an audit as short as possible. A usable def inition of a reasonable period is: following the period of time a cash register needs in order to provide reports and files on the basis of the recorded data. In view of the current state of the art, most reports and files can be supplied almost immediately. In special circumstances, it is acceptable if the information is provided within a few weeks. All recordings in the cash register are archived throughout the retention period. This is done in such a way that the data can be provided to the supervisory authority within a reasonable period from the moment when this authority asks for it. Throughout the retention period, the correctness and completeness of the recorded data are guaranteed. Classification The classification shows the extent to which a cash register meets the objective to meet the standard which has been set for each question and detailed question. You state the score for each standard. The recorded data must be stored. It should be possible to audit the recorded data. The recorded data must be provided within a reasonable period. Critical data must be protected against unauthorised and undocumented changes. The system of measures to store the data throughout the retention period and protect them against unauthorised changes is documented. The data are protected against unauthorised changes. The cash register ensures that a regular backup is made. All data are stored, so that the audit trail continues to exist. Explanatory questions During the self-assessment, you answer questions with reference to the system of standards. The following questions can help you with this The cash register demonstrably provides reliable information that allows the user to keep records that meet the requirement of auditability within a reasonable period. No. Questions Objectives Classification Which measures are taken in order to demonstrably guarantee the authenticity and integrity? The data may not be changed. This must be demonstrably guaranteed. High Which measures does the cash register contain in order to guarantee the evidential value of the recordings throughout the retention period? Keurmerk Het Betrouwbare Afrekensysteem Page 23 of 40
24 How is the database secured? Have the measures taken been checked against attempts to tamper information by deliberately changing data without an audit trail? What were the findings? How is the permanent audit trail of the information made clear? Score Quest Classificatio ion n High Conformity expressed in a percentage N/A Keurmerk Het Betrouwbare Afrekensysteem Page 24 of 40
25 If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that the cash register demonstrably provides reliable information that allows the user to keep accounts that meet the requirement of auditability within a reasonable period Recordings are archived during the retention period No. Questions Objectives Classification How do data continue to be archived throughout the retention period? The statutory requirements with respect to the retention period are met. High Which method does the cash register use in order to keep the data available throughout the retention period in a correct and complete manner? Does the archiving facility of the cash register form part of the standard configuration? Keurmerk Het Betrouwbare Afrekensysteem Page 25 of 40
26 Keurmerk Het Betrouwbare Afrekensysteem Page 26 of 40
27 No. Questions Objectives Classification Where and how are the detailed data from the cash register archived throughout the retention period? It is clear to the user of the cash register where the data are stored and how they can be provided. Medium How are the data from the internal memory (such as RAM, EPROM or the memory of the cash register) stored in the external memory? Do any consolidations take place without a trail to the original data? Opmerking [BZ1]: De som van gegevens bewaren en details weggooien? Summarise, aggregation eerdere dan consolidation. (gebruik je voor financiële informatie) What happens in case of a data overflow of the cash registers internal memory? Which facilities does the cash register offer in order to make a backup? Keurmerk Het Betrouwbare Afrekensysteem Page 27 of 40
28 Is the user's attention actively drawn to making a backup in time and periodically testing a recovery? Can only experts and authorised officers perform a recovery that may affect the storing of data (such as data recovery, system recovery, replacing hardware)? No. Questions Objectives Classification How and within what period can the cash register supply all detailed data recorded? NB: it does not concern 'totals' here. Data are supplied within a reasonable period. Medium Can requested reports be produced by the system immediately and at all times? Keurmerk Het Betrouwbare Afrekensysteem Page 28 of 40
29 Keurmerk Het Betrouwbare Afrekensysteem Page 29 of 40
30 No. Questions Objectives Classification Does the data set supplied meet the guidelines for the audit file for cash register systems? The data set is supplied in a standard format. Medium Does the cash register contain an export feature to the format of the ML Audit File Cash Register (ML Auditfile Afrekensysteem or AA)? No. Questions Objectives Classification How can data be converted to another cash register? This question applies to both a new version and to a cash register of another supplier. The original information also continues to be available in case of system changes. Medium How is the cash register able to convert data to a new version or to a new cash register? How is the cash register able to copy data from a previous version or from a previous cash register? Keurmerk Het Betrouwbare Afrekensysteem Page 30 of 40
31 Score Quest ion Classificatio n High Medium Medium Medium Medium Conformity expressed in a percentage N/A If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that the recordings are archived during the retention period. 3.3 Any violations of the authenticity and integrity of the recordings are prevented and actively detected. No. Questions Objectives Classification Which actions are performed if the integrity of the database is corrupted? For example, as a result of a direct mutation in the database. Guaranteeing the continuous integrity of the database. High Which measures does the cash register contain in order to prevent, detect and report any direct changes to the database? Keurmerk Het Betrouwbare Afrekensysteem Page 31 of 40
32 Keurmerk Het Betrouwbare Afrekensysteem Page 32 of 40
33 Does the cash register report any changes to the database (with an audit trail)? Score Quest Classificatio ion n High Conformity expressed in a percentage N/A If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that any violations of the authenticity and integrity of the recordings are prevented and actively detected. Keurmerk Het Betrouwbare Afrekensysteem Page 33 of 40
34 4. The report is clear and reliable Control objective The reports provide a reliable and clear picture of the recordings in the cash register. Explanation of this control objective: the authenticity and integrity of the recordings and the reports are guaranteed. The reports clarify the connection with the recordings in the cash register. Recordings are stored during the retention period. Any changes to the configuration of the report can only be made by the manufacturer, the supplier or the installer of the cash register. Description, the rationale (the why) The reports of a cash register offer a clear and reliable picture of reality for a certain period. Any report can be traced back to reality using the recording of data and the audit trail in particular. The reports must be complete and the cash register must guarantee this completeness. Opmerking [BZ2]: Jargon: A correct, timely and complete report of the recorded information is necessary in order to use the information from the cash register in the organisation. This information is necessary in order to manage the organisation, but also in order to account for the operational management. The value of reports and selections from data files, text reports or information provided in another manner increases if it is clear that they form part of the total. But also how they form part of this. An example is revenue that is recorded for training purposes. This revenue does not form part of the revenue that is recorded in the financial accounts. This revenue does, however, form part of the total revenue recorded and is described as such. Moreover, this revenue is visibly eliminated as revenue that cannot be recorded in the financial accounts. The aim of this control objective is to have the cash register produce correct, timely and complete reports. The reports must also contain an audit trail to the data originally recorded. As a result, the reports will correspond with the data actually entered. Vice versa, the cash register ensures that the data correspond with the reports. Classification The classification shows the extent to which a cash register meets the objective to meet the standard which has been set for each question and detailed question. You state the score for each standard. Conformity requirements The reports are correct, timely and complete. The reports have an audit trail. The role of the reports in the daily closing is clear. The set of measures taken in order to have correct, timely and complete reports is documented. All data are reported, so that the audit trail continues to exist. The cash register supports the export of data to common formats, preferably ML Auditfile Afrekensystemen. The data set to be supplied meets the guidelines for the ML Auditfile Afrekensystemen. Keurmerk Het Betrouwbare Afrekensysteem Page 34 of 40
35 Explanatory questions During the self-assessment, you answer questions with reference to the system of standards. The following questions can help you with this Are the authenticity and integrity of the recordings and the reports guaranteed? No. Questions Objectives Classification How does the daily closing proceed? Please explain using print screens. How are discrepancies presented? The daily closing is performed in a transparent manner. High Which standard reports can the system produce? Who can have the reports drawn up? In which format and in which form can the reports be drawn up? Score Quest ion Classificatio n Conformity expressed in a percentage Keurmerk Het Betrouwbare Afrekensysteem Page 35 of 40 N/A
36 4.1.1 High If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that the system is able to guarantee the authenticity and integrity of the recordings and the reports Do reports clearly show the connection with the recordings in the cash register? No. Questions Objectives Classification How do reports show the connection with the recordings in the cash register? The reports provide a correct, complete and timely picture of the data in the cash register. High Do standard reports provide a balanced overview of recorded data, showing a correct, complete and timely picture of the recordings? Which measures are taken in order to show the consistency between the report and the totals of the recording? Keurmerk Het Betrouwbare Afrekensysteem Page 36 of 40
37 No. Questions Objectives Classification Which possibilities are there in order to produce client-specific reports? The cash register offers the possibility to tailor reports to the information requirements of the user. Medium Can any client-specific reports be produced? If so, do client-specific reports provide a balanced overview of recorded data, showing a correct, complete and timely picture of the recordings? Which measures are taken in order to show the consistency between the reports and the totals of the recordings? Who can draw up client-specific reports? Do reports clearly show the variables on the basis of which data are requested? Score Quest ion Classificatio n High Medium Conformity expressed in a percentage Keurmerk Het Betrouwbare Afrekensysteem Page 37 of 40 N/A
38 If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that the reports clearly show the connection with the recordings in the cash register Can any changes to the configuration of reports only be made by the manufacturer, the supplier or the installer of the cash register? No. Questions Objectives Classification Who can make changes to the programming and the creation of standard reports that consist of the prime recordings of the cash register? How can they do that? Changes to the composition of the reports can be audited. High Which measures are taken in order to provide a correct, complete and timely picture of changes to the composition of standard reports? Who can change the composition of standard reports? Keurmerk Het Betrouwbare Afrekensysteem Page 38 of 40
39 Keurmerk Het Betrouwbare Afrekensysteem Page 39 of 40
40 Score Quest Classificatio ion n High Conformity expressed in a percentage N/A If relevant, you briefly state the improvements you will make and the period within which you will do so. Statement I state that any changes to the configuration of the report can only be made by the manufacturer, the supplier or the installer of the cash register. Keurmerk Het Betrouwbare Afrekensysteem Page 40 of 40
Information Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationTERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL
TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL INTRODUCTION WHAT IS A RECORD? AS ISO 15489-2002 Records Management defines a record as information created,
More informationExplanatory notes VAT invoicing rules
Explanatory notes VAT invoicing rules (Council Directive 2010/45/EU) Why explanatory notes? Explanatory notes aim at providing a better understanding of legislation adopted at EU level and in this case
More informationManagement of Official Records in a Business System
GPO Box 2343 ADELAIDE SA 5001 Tel (08) 8204 8773 Fax (08) 8204 8777 DX:467 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Management of Official Records in a Business System October 2011 Version
More informationThird Party Security Requirements Policy
Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,
More informationThe Sector Skills Council for the Financial Services Industry. National Occupational Standards for the Financial Services Sector.
The Sector Skills Council for the Financial Services Industry National Occupational Standards for the Financial Services Sector Bank Accounts Contents Unit BA1 Unit BA2 Unit BA3 Unit BA4 Unit BA5 Unit
More informationINFORMATION TECHNOLOGY CONTROLS
CHAPTER 14 INFORMATION TECHNOLOGY CONTROLS SCOPE This chapter addresses requirements common to all financial accounting systems and is not limited to the statewide financial accounting system, ENCOMPASS,
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationAEO SELF-ASSESSMENT Section 1 Economic operator Information
AEO SELF-ASSESSMENT Section 1 Economic operator Information Sub-section 1.01 Organisational characteristics 1.01 Question Standard Response 1. Depending on your legal status, provide the names and addresses
More informationAudit Manual PART TWO SYSTEM BASED AUDIT
Audit Manual PART TWO SYSTEM BASED AUDIT Table of content 1. Introduction...3 2. Systems based audit...4 2.1. Preparing for & planning the audit assignment...5 2.2. Ascertaining and recording the system...7
More informationPart A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...
Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation
More informationCHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS
11-1 CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION The State Board of Accounts, in accordance with State statutes and the Statements on Auditing Standards Numbers 78
More informationLife Cycle of Records
Discard Create Inactive Life Cycle of Records Current Retain Use Semi-current Records Management Policy April 2014 Document title Records Management Policy April 2014 Document author and department Responsible
More informationDecision on adequate information system management. (Official Gazette 37/2010)
Decision on adequate information system management (Official Gazette 37/2010) Pursuant to Article 161, paragraph (1), item (3) of the Credit Institutions Act (Official Gazette 117/2008, 74/2009 and 153/2009)
More informationSupplement to Gaming Machine Technical Standards Consultation
Supplement to Gaming Machine Technical Standards Consultation Downloadable, Wireless and Cashless Gaming Machine Systems Consultation paper, September 2006 Introduction 1. This paper is a supplement to
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationInternal Control Deliverables. For. System Development Projects
DIVISION OF AUDIT SERVICES Internal Control Deliverables For System Development Projects Table of Contents Introduction... 3 Process Flow... 3 Controls Objectives... 4 Environmental and General IT Controls...
More informationInformation Security Team
Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface
More informationFINANCIAL ADMINISTRATION MANUAL
Issue Date: September 2009 Effective Date: Immediate Chapter: Accounting for Expenditures Responsible Agency: Office of the Comptroller General Directive No: 706-3 Directive Title: ACCOUNTING CONTROLS
More informationFSPBA1 Set up bank accounts for customers
FSPBA1 Set up bank accounts for customers Overview This unit is about the process of setting up bank accounts for both new and existing customers. You will need to complete the process of setting up individual
More informationFORUM ON TAX ADMINISTRATION
ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT FORUM ON TAX ADMINISTRATION Guidance Note: Guidance and Specifications for Tax Compliance of Business and Accounting Software April 2010 CENTRE FOR
More informationScotland s Commissioner for Children and Young People Records Management Policy
Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives
More informationState Records Office Guideline. Management of Digital Records
State Records Office Guideline Management of Digital Records An Information Management Guideline for State Organizations Version 2 January 2015 www.sro.wa.gov.au Contents GLOSSARY... 2 PURPOSE... 5 BACKGROUND...
More informationAdlib Hosting - Service Level Agreement
Adlib Hosting - Service Level Agreement June 2014 This service level agreement (SLA) applies to the Adlib Hosting services provided by Axiell ALM Netherlands BV, and includes the activities and facilities
More informationINFORMATION TECHNOLOGY MANAGEMENT CONTENTS. CHAPTER C RISKS 357-7 8. Risk Assessment 357-7
Information Technology Management Page 357-1 INFORMATION TECHNOLOGY MANAGEMENT CONTENTS CHAPTER A GENERAL 357-3 1. Introduction 357-3 2. Applicability 357-3 CHAPTER B SUPERVISION AND MANAGEMENT 357-4 3.
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationMinistry of Labour and Social Policy LAW ON VOLUNTARY FULLY FUNDED PENSION INSURANCE (189347.11)
Ministry of Labour and Social Policy LAW ON VOLUNTARY FULLY FUNDED PENSION INSURANCE 1 Table of Contents CHAPTER 1 GENERAL PROVISIONS... 3 CHAPTER 2 VOLUNTARY PENSION FUNDS... 7 CHAPTER 3 PENSION COMPANIES
More informationEUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union
EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL Public Health and Risk Assessment Pharmaceuticals Brussels, SANCO/C8/AM/sl/ares(2010)1064599 EudraLex The Rules Governing Medicinal Products
More informationSpace Project Management
EUROPEAN COOPERATION FOR SPACE STANDARDIZATION Space Project Management Configuration Management Secretariat ESA ESTEC Requirements & Standards Division Noordwijk, The Netherlands Published by: Price:
More informationIS INFORMATION SECURITY POLICY
IS INFORMATION SECURITY POLICY Version: Version 1.0 Ratified by: Trust Executive Committee Approved by responsible committee(s) IS Business Continuity and Security Group Name/title of originator/policy
More informationProtecting Official Records as Evidence in the Cloud Environment. Anne Thurston
Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after
More informationISO27001 Controls and Objectives
Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationRecords Management Plan. April 2015
Records Management Plan April 2015 Prepared in accordance with the Public Records (Scotland) Act 2011 and submitted to the Keeper of the Records of Scotland for their agreement on 28 April 2015 (Revised
More informationCryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik
Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued
More informationINFORMATION AND DOCUMENTATION RECORDS MANAGEMENT PART 1: GENERAL IRISH STANDARD I.S. ISO 15489-1:2004. Price Code
IRISH STANDARD I.S. ISO 15489-1:2004 ICS 01.140.20 INFORMATION AND DOCUMENTATION RECORDS MANAGEMENT PART 1: GENERAL National Standards Authority of Ireland Glasnevin, Dublin 9 Ireland Tel: +353 1 807 3800
More informationyour cash register and the fiscal accounting obligations
2007 your cash register and the fiscal accounting obligations 12345 1 your cash register and the fiscal accounting obligations 1. Why this leaflet? If you use a cashregister or point of sale system, you
More informationCorporate Social Responsibility Policy
Corporate Social Responsibility Policy 2 Content 1 Motivation 3 1.1 What do we want to achieve? 3 2 Definition and policy 4 2.1 What is our ambition 4 2.2 Stakeholders 4 3 Delineation and scope 5 4 Ambitions
More informationData Governance Policy. Staff Only Students Only Staff and Students. Vice-Chancellor
Name of Policy Description of Policy Policy applies to Data Governance Policy To establish proper standards to assure the quality and integrity of University data. This policy also defines the roles and
More informationOfficial Journal of RS, No. 86/2006 of 11. 08. 2006 REGULATION
Official Journal of RS, No. 86/2006 of 11. 08. 2006 Pursuant to Articles 10, 23, 36, 40, 43, 47, 53, 54, 63, 71, 72, 73, 74, 88 and 91 of the Protection of Documents and Archives and Archival Institutions
More informationCORPORATE RECORDS MANAGEMENT POLICY
1.1 Introduction Derbyshire County Council is dependent on its records to operate efficiently and to account for its actions. This policy defines a structure for Derbyshire County Council to ensure that
More informationAR Part 1: An Introduction to Accounts Receivable
AR Part 1: An Introduction to Accounts Receivable Table of Contents 1. Overview... 3 2. Searching for a Customer... 4 3. Transactions... 6 4. Raising a sales invoice... 7 5. Completing a Transaction...
More informationOECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT
GENERAL DISTRIBUTION OCDE/GD(95)115 OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT THE APPLICATION OF THE PRINCIPLES OF GLP TO COMPUTERISED
More informationUNOFFICIAL CONSOLIDATION AND TRANSLATION OF LAWS 128(I) OF 2009 AND 52(I) OF 2010 THE PAYMENT SERVICES LAWS OF 2009 TO 2010
UNOFFICIAL CONSOLIDATION AND TRANSLATION OF LAWS 128(I) OF 2009 AND 52(I) OF 2010 THE PAYMENT SERVICES LAWS OF 2009 TO 2010 This translation and consolidation of laws is not official. It has been prepared
More informationWorkshop agenda. Data Quality Metrics and IT Governance. Today s purpose. Icebreaker. Audience Contract. Today s Purpose
Workshop agenda Strategic Data Quality Management Data Quality Metrics and IT Governance Today s purpose data quality metrics Conclusion Presenter: Micheal Axelsen Director Information Systems Consulting
More informationTest Module4. Controls and Security Test Cases
Test Module4 Controls and Security Test Cases Author(s): imbus AG MoReq2 test development team Date: 15/04/2008 Version: 1.0 Status: Approved Customer: Serco Consulting imbus AG v1.0 April 2008 Page 1
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationREGULATIONS FOR THE USE OF CORPORATE ELECTRONIC MAIL SYSTEM BY STAFF OF THE STATE UNIVERSITY HIGHER SCHOOL OF ECONOMICS. 1. General Provisions
T r a n s l a t e d i n H S E E x p e r t T r a n s l a t i o n C e n t r e 1 APPROVED by Directive No. 31.1-04/771 of the State University Higher School of Economics dated October 22, 2010 REGULATIONS
More informationPractical Overview on responsibilities of Data Protection Officers. Security measures
Practical Overview on responsibilities of Data Protection Officers Security measures Manuel Villaseca Spanish Data Protection Agency mvl@agpd.es Security measures Agenda: The rol of DPO on security measures
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More informationPrinciples of data access and auditing of digital documents (GDPdU) (BMF notice of 16 th July IV D 2 S 0316 136/01 -)
Principles of data access and auditing of digital documents (GDPdU) (BMF notice of 16 th July IV D 2 S 0316 136/01 -) With reference to the results of discussions with the senior financial authorities
More informationESKIDMS3 Database management software
Overview This is the ability to use a software application designed to store and retrieve data needed for a variety of business functions. It also includes an understanding of the features and facilities
More informationGETIN NOBLE BANK S.A. LONG-FORM AUDITORS REPORT ON THE FINANCIAL STATEMENTS FOR THE YEAR ENDED 31 DECEMBER 2010
LONG-FORM AUDITORS REPORT ON THE FINANCIAL STATEMENTS FOR THE YEAR ENDED 31 DECEMBER 2010 I. GENERAL NOTES 1. Background Getin Noble Bank S.A. (hereinafter the Bank ), until 4 January 2010 operating under
More informationPrivacy and Data Protection Impact Assessment Framework for RFID Applications. 12 January 2011
Privacy and Data Protection Impact Assessment Framework for RFID Applications 12 January 2011 1 INDEX 1. Introduction...3 1.1. Key Concepts...4 1.2. Internal Procedures...5 2. The PIA Process...6 2.1.
More informationComhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY ARRANGEMENTS Information Technology. Final Report 2014/15-06
Comhairle nan Eilean Siar Internal Audit Review Information Technology Final Report 2014/15-06 3 rd November 2014 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationRECORDS MANAGEMENT POLICY
Reference number RM001 Approved by Information Management and Technology Board Date approved 23 rd November 2012 Version 1.1 Last revised July 2013 Review date May 2015 Category Records Management Owner
More informationSage 200 Business Intelligence Cubes and Reports
Sage 200 Business Intelligence Cubes and Reports Sage (UK) Limited Copyright Statement Sage (UK) Limited, 2014. All rights reserved If this documentation includes advice or information relating to any
More informationOffice of the State Controller. Self-Assessment of Internal Controls. Computer Security Cycle. Objectives and Risks
Office of the State Controller Self-Assessment of Internal Controls Computer Security Cycle Objectives and Risks Agency Year-End Objectives Risks Definition and communication of organizational structure,
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationSOLUTION: AUDIT AND INTERNAL REVIEW, MAY 2014
SOLUTION 1(a) (a) The Auditing guideline points out that the amount or quantity of audit evidence required for the auditor to achieve the level of assurance is a matter of professional judgment. The factors
More informationUSER-MANAGED FILE SERVER BACKUP:
USER-MANAGED FILE SERVER BACKUP: An ineffective solution to Business Data Protection WHITE PAPER www.cibecs.com 2 EXECUTIVE SUMMARY In their latest report on endpoint user data backup (ID #: G00211731),
More informationInternal Audit FINAL INTERNAL AUDIT REPORT. Management Initiated Review of Child Support Master Program Payments
Australian Government Department of Human Services Internal Audit FINAL INTERNAL AUDIT REPORT Management Initiated Review of Child Support Master Program Payments Report Number Conducted May - June 2012
More informationRESERVE BANK OF MALAWI GUIDELINES FOR MOBILE PAYMENT SYSTEMS
RESERVE BANK OF MALAWI GUIDELINES FOR MOBILE PAYMENT SYSTEMS March 2011 2 Table of Contents ACRONYMS... 4 DEFINITIONS... 5 1.0 Introduction... 6 2.0 Mandate... 6 3.0 Objective... 6 4.0 Scope... 6 5.0 Application
More informationDocument Number: SOP/RAD/SEHSCT/007 Page 1 of 17 Version 2.0
Standard Operating Procedures (SOPs) Research and Development Office Title of SOP: Computerised Systems for Clinical Trials SOP Number: 7 Version Number: 2.0 Supercedes: 1.0 Effective date: August 2013
More informationAny business activity, be it manufacturing, servicing or trading, involves
chp-12.qxd 10/18/05 12:45 PM Page 119 CHAPTER 12 Bookkeeping and Accounting and Financial Statements Any business activity, be it manufacturing, servicing or trading, involves monetary transactions. At
More informationACCOUNTING POLICIES AND PROCEDURES
Unit: Subject: Sarbanes-Oxley Act Review - Financial Reporting Title: Risk & Control Identification Year end: ACCOUNTING POLICIES AND PROCEDURES Management should define and communicate accounting principles.
More informationPolish Financial Supervision Authority. Guidelines
Polish Financial Supervision Authority Guidelines on the Management of Information Technology and ICT Environment Security for Insurance and Reinsurance Undertakings Warsaw, 16 December 2014 Table of Contents
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationAuditing Standard ASA 600 Special Considerations Audits of a Group Financial Report (Including the Work of Component Auditors)
ASA 600 (October 2009) Auditing Standard ASA 600 Special Considerations Audits of a Group Financial Report (Including the Work of Component Auditors) Issued by the Auditing and Assurance Standards Board
More informationSage 200 v5.10 What s New At a Glance
Introducing Sage 200 v5.10 Sage 200 v5.10 What s New At a Glance Sage 200 v5.10 sees the release of a number of new features including support for Microsoft Vista (Business and Ultimate Edition) and Microsoft
More informationEnterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory
More informationHead of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2
Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications
More informationSTATEMENT OF AUDITING STANDARDS 300 AUDIT RISK ASSESSMENTS AND ACCOUNTING AND INTERNAL CONTROL SYSTEMS
STATEMENT OF AUDITING STANDARDS 300 AUDIT RISK ASSESSMENTS AND ACCOUNTING AND INTERNAL CONTROL SYSTEMS (Issued January 1997; revised January 2004) SAS 300 (revised January 04) Contents Paragraphs Introduction
More informationCMVM Regulation No. 4/2013 Corporate Governance
CMVM Regulation No. 4/2013 Corporate Governance The Portuguese corporate governance framework is at present predominantly structured according to a model based on the CMVM regulation imposing on issuers
More informationMHRA GMP Data Integrity Definitions and Guidance for Industry January 2015
MHRA GMP Data Integrity Definitions and Guidance for Industry Introduction: Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. This
More informationInformation and records management. Purpose. Scope. Policy
Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of corporate information and records within NZQA.
More informationTransition Guidelines: Managing legacy data and information. November 2013 v.1.0
Transition Guidelines: Managing legacy data and information November 2013 v.1.0 Document Control Document history Date Version No. Description Author October 2013 November 2013 0.1 Draft Department of
More informationStrengthening the MIS in Social Protection Programs: A Toolkit. Maria Arribas, LCR Cesar Baldeon, ISG May 17, 2007
Strengthening the MIS in Social Protection Programs: A Toolkit Maria Arribas, LCR Cesar Baldeon, ISG May 17, 2007 Purpose, Audience, Methodology A Mitigation tool for Control and Accountability Risks &
More informationRequirements for Clearing & Settlement Systems
Requirements for Clearing & Settlement Systems Jan Woltjer De Nederlandsche Bank Why is the infrastructure for Clearing, settlement and custody so important? Europe ==> Key to integration of the financial
More informationIMPLEMENTATION FRAMEWORK
IMPLEMENTATION FRAMEWORK Credit unions not members of a federation, trust companies and savings companies wishing to adopt a standardized approach for calculating operational risk capital charges January
More informationIMAP Independent Review Guidelines
IMAP Independent Review Guidelines Version 1: August 2011 Introduction Under the Solvency Assessment and Management (SAM) regime, insurers may calculate their Solvency Capital Requirement (SCR) using a
More informationMHRA GMP Data Integrity Definitions and Guidance for Industry March 2015
MHRA GMP Data Integrity Definitions and Guidance for Industry Introduction: Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. This
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationDraft Copy. Change Management. Release Date: March 18, 2012. Prepared by: Thomas Bronack
Draft Copy Change Management Release Date: March 18, 2012 Prepared by: Thomas Bronack Section Table of Contents 10. CHANGE MANAGEMENT... 5 10.1. INTRODUCTION TO CHANGE MANAGEMENT... 5 10.1.1. PURPOSE OF
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationitg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.
Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationDelivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for Schools
1. Introduction Background The National e-procurement Project (NePP) and Centre for Procurement Performance (CPP) are working to support and enable schools to meet their e- Government targets and to gain
More informationERMS Solution BUILT ON SHAREPOINT 2013
ERMS Solution BUILT ON SHAREPOINT 2013 Purpose of the Presentation Present a comprehensive proprietary Electronic Records Management System (ERMS) Communication Progress is developing on SharePoint 2013,
More informationRecords Management Policy.doc
INDEX Pages 1. DESCRIPTORS... 1 2. KEY ROLE PLAYERS... 1 3. CORE FUNCTIONS OF THE RECORDS MANAGER... 1 4. CORE FUNCTIONS OF THE HEAD OF REGISTRIES... 1 5. PURPOSE... 2 6. OBJECTIVES... 2 7. POLICY... 2
More informationCorporate Records Management Policy
Corporate Records Management Policy Introduction Part 1 Records Management Policy Statement. February 2011 Part 2 Records Management Strategy. February 2011 Norfolk County Council Information Management
More informationData Security Policy
Policy Number: Revision Number: 0 QP1.44 Date of issue: March 2009 Status: Approved Date of approval: April 2009 Responsibility for policy: Responsibility for implementation: Responsibility for review:
More informationInvitation to Quote (ITQ) for STREET WORKS IT SOLUTION
Easthampstead House, Town Square, Bracknell, Berkshire RG12 1AQ Tel: (01344) 352000 Invitation to Quote (ITQ) for STREET WORKS IT SOLUTION xxx COMPLETED BY ORGANISATION [Supplier to complete] NAME DATE
More informationSpillemyndigheden s Certification Programme Information Security Management System
SCP.03.00.EN.1.0 Table of contents Table of contents... 2 1 Introduction... 3 1.1 Spillemyndigheden s certification programme... 3 1.2 Objectives of the... 3 1.3 Scope of this document... 4 1.4 Definitions...
More informationUnderstanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.
More informationICAEW Accredited Products Scheme. [Fixed Asset Evaluation] [Company Name] [Product Name Version number] [Company /Product logo]
ICAEW Accredited Products Scheme [Fixed Asset Evaluation] [Company Name] [Product Name Version number] [Company /Product logo] Evaluation carried out by: [Name of Evaluator] Date completed: Signed: FA_
More informationWHITE PAPER HOW TO REDUCE RISK, ERROR, COMPLEXITY AND DRIVE COSTS IN THE ACCOUNTS PAYABLE PROCESS
WHITE PAPER HOW TO REDUCE RISK, ERROR, COMPLEXITY AND DRIVE COSTS IN THE ACCOUNTS PAYABLE PROCESS Based on a benchmark study of 250 companies with a total of more than 900 billion euro in Accounts Payable
More information