Suche aufrufen
Menü aufrufen
47
1.3K
10
34.8K
HITGuard User Guide
Toggle preferences menu
Persönliches Menü aufrufen
Nicht angemeldet
Ihre IP-Adresse wird öffentlich sichtbar sein, wenn Sie Änderungen vornehmen.

OrgEh - Organisationseinheiten/en: Unterschied zwischen den Versionen

Aus HITGuard User Guide
Weitere Optionen
← Zum vorherigen Versionsunterschied
VisuellWikitext
Sala (Diskussion | Beiträge)
Administratoren, translater, tsuser
2.579 Bearbeitungen
Die Seite wurde neu angelegt: „<span id="org_unit"></span>. A company consists of organizational units that participate in the individual processing procedures. These in turn take place in o…“
Isan (Diskussion | Beiträge)
Administratoren, translater, tsuser
10.680 Bearbeitungen
Keine Bearbeitungszusammenfassung
 
(143 dazwischenliegende Versionen von 4 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:


<span id="org_unit"></span>.
<span id="org_unit"></span>
A company consists of organizational units that participate in the individual processing procedures. These in turn take place in one to several organizational units. The creation and processing of data takes place in these organizational units during the individual process steps predominantly IT-supported and with the use of IT systems.<br>
A company consists of organizational units that participate in the individual processing procedures. These, in turn, take place in one or several organizational units. The creation and processing of data taking place in these organizational units during the individual process steps is predominantly IT-supported and with the use of IT systems. The more vital the organizational unit, the greater the potential damage, and the greater the requirements for availability, confidentiality and integrity of the data or systems.
The more critical the organizational unit, the greater the potential damage, and the greater the requirements for availability, confidentiality and integrity of the data or systems.


Der Aufbau einer OrgEh sollte hierarchisch sein.
The structure of the organizational units should be hierarchical.


[[Datei:Organisationsstruktur.PNG|left|thumb|900px|Darstellung aus der Strukturanalyse vom Risikomanagement]]<br clear=all>
<b>Important:</b> To be able to use OrgUnits in a management system, they need to be activated for the active analysis period! When a new OrgUnit is created, it is automatically assigned to all active (current) analysis periods and thereby activated, if the OrgUnit has been subordinated to another one and this superordinate OrgUnit is already activated in the respective management system. If there is no parent OrgUnit, the newly created OrgUnit will not be automatically activated in all management systems. This needs to then be done manually. For more information, see [[Special:MyLanguage/Managementsysteme#analyses_historie|"Administration → Management System → Analysis Periods"]].


== <span id="orgcre"></span>Organisationseinheit erstellen / bearbeiten / löschen==
[[Datei:Organisationsstruktur.PNG|left|thumb|900px|Display from structural analysis from risk management]]<br clear=all>


Organisationseinheiten können von Administratoren und Experten über "Administration -> OrgEhs" angelegt oder bearbeitet werden.
<span id="Organisationseinheit_erstellen/bearbeiten/löschen"></span>
== <span id="orgcre"></span>Create/edit/delete organizational unit==


[[Datei:Organisationsstruktur Maske.png|left|thumb|900px|Maske der Organisationsstrukturen]]<br clear=all>
OrgUnits can be created or edited by administrators and experts via "Administration → OrgUnits".


Um eine neue Organisationseinheit anzulegen, klicken Sie auf den Button "Plus".
[[Datei:Organisationsstruktur Maske.png|left|thumb|901px|Organizational structures mask]]<br clear=all>


Um eine bestehende Organisationseinheit zu bearbeiten, klicken Sie doppelt auf die entsprechende Organisationseinheit.
To create a new OrgUnit, click the "Plus" button.


[[Datei:OrgEH bearbeiten.PNG|left|thumb|900px|Maske zum Bearbeiten / Erstellen einer Organisationseinheit]]<br clear=all>
To edit an existing OrgUnit, double-click into the corresponding OrgUnit's row.


<b>Abkürzung und Bezeichnung:</b><br>
[[Datei:OrgEH bearbeiten.PNG|left|thumb|901px|Create/edit organizational unit]]<br clear=all>
* Bei der Abkürzung tragen Sie ein wie die OrgEh abgekürzt werden soll.
* Bei der Bezeichnung tragen Sie die Bezeichnung der OrgEh ein.


<b>Sortierreihenfolge:</b><br>
<b>Code and name:</b><br>
* Diese legt fest wie die OrgEh in linearen Listen (z.B. in einem Bericht) aufgelistet werden.
* For the code, enter how the OrgUnit should be abbreviated.
* For the name, enter the name of the OrgUnit.


<b>Typ:</b><br>
<b>Sort order:</b> This defines how the OrgUnits are listed in linear lists (e.g. in a report).
* Hier legen Sie fest, um welche Art von Organisationseinheit es sich handelt.
:- Konzern
:- Gesellschaft
:- Abteilung
:- Entity


<b>Übergeordnete OrgEh:</b><br>
<b>Superordinate OrgUn:</b> Here, you state how the OrgUnit fits into the hierarchy. For example, which company a department belongs to.
* Hier tragen Sie ein zu welcher GmbH eine Abteilung gehört.


<b>Verantwortlich:</b><br>
<b>Type:</b> Here, you specify what type of organizational unit it is: Group, Company, Department, Entity, Branch
* Die hier eingetragene Personen ist für die OrgEh verantwortlich. Es ist beispielsweise der Leiter einer Abteilung.


<b>Beschreibung:</b><br>
<b>Division:</b> Here, you define in which divisions the OrgUnit is active.
* Hier sollten Sie die OrgEh beschreiben.


<b>Aktiv von / bis</b><br>
<b>Responsible:</b> The person entered here is responsible for the OrgUnit. For example, a department head.
* Hier können Sie eintragen wie lange eine OrgEh in HITGuard aktiv sein soll.


<b>Anschrift:</b><br>
<b>Description:</b> Here, you describe the OrgUnit.
* Hier können Sie die Anschrift der OrgEh eintragen.


'''Gefährdungslagen:'''
<b>Closed:</b> If an OrgUnit is closed, it will only be displayed on this page. It can no longer be selected for new audits, reviews, processing activities and so on. Deactivating it has no effect on current assignments. Merely for reports, the OrgUnit can still be selected.
: Hier werden alle Gefährdungslagen der Organisationseinheit gelistet. Es ist nicht möglich hier Gefährdungslagen zuzuweisen. Mehr zu Gefährdungslagen finden Sie [[Special:MyLanguage/Risikobewertung|hier]].  


'''OrgEh löschen:'''
<b>Active from/to</b> Here you define the time period in which the OrgUnit should be active in HITGuard. If the OrgUnit is no longer active, but not closed, it can still be selected anywhere, but is displayed in italics to signal that it is inactive.
* Zum Löschen klicken Sie in der Bearbeitungs-Maske auf den roten Mülleimer.
* Um eine OrgEh löschen zu können, müssen zuvor alle zugeordneten Maßnahmen, Kontrolldefinitionen und Verarbeitungs-Meldungen gelöscht werden


==== Datenschutzmanagementsystem ====
<b>ID in third-party systems:</b> This field is used to synchronize an OrgUnit with a third-party system. Synchronization requires a data import, in which the same ID is set.


Handelt es sich beim aktiven Managementsystem um das Datenschutzmanagementsystem, besteht zusätzlich die Möglichkeit die Kontaktdaten des Datenschutzbeauftragten der Organisationseinheit zu erfassen. Diese werden für die Auswertung im Datenschutzmanagement benötigt.  
'''Risks:''' All risks of the OrgUnit are listed here. It is not possible to assign risks here. More about risks can be found [[Special:MyLanguage/Risk Assessment|here]].  


Wird bei Auswertungen für eine Organisationseinheit kein Datenschutzbeauftragter gefunden, so wird der Beauftragte der übergeordneten Organisationseinheit herangezogen. Das heißt: Gibt es nur einen Beauftragten in der Organisationsstruktur, so muss dieser nur in der obersten Organisationseinheit eingetragen werden.
<b>Address:</b> Here, you enter the address of the OrgUnit and tick whether the organizational unit is outside of the EU.


[[Datei:Datenschutzbeauftragter.PNG|thumb|left|900px|Datenschutzbeauftragter]]<br clear=all>
'''Delete OrgUnit:''' To delete an OrgUnit, click on the red trash can in the edit screen. In order for an OrgUnit to be deletable, nothing can be linked to it. This means that, for example, all assigned measures, control definitions and processing messages have to be linked to a different OrgUnit or be themselves deleted. The OrgUnit must also not be linked to any active or closed analysis period.


=== Abweichungen / Maßnahmen / Kontrollen ===
<span id="Datenschutzmanagementsystem"></span>
==== Data protection management system ====


Das Verhalten ist gleich wie bei den Ressourcen. Mehr dazu [[Special:MyLanguage/Ressourcen#entity_mc|hier]].
If the active management system is the data protection management system, it is possible to record appropriate safeguards (underneath the address) as well as the contact data of the data protection officer of the OrgUnit. These are required for evaluation in data protection management.
 
If no data protection officer is found during evaluations for an OrgUnit, the officer of the higher-level OrgUnit is used. This means that if there is only one officer in the organizational structure, this officer's information only needs to be entered in the top-level OrgUnit.
 
[[Datei:Datenschutzbeauftragter.PNG|thumb|left|900px|Data Protection Officer]]<br clear=all>
 
<span id="Abweichungen/Maßnahmen/Kontrollen"></span>
=== Deviations/measures/controls ===
 
The behavior is the same as for resources. More about this [[Special:MyLanguage/Resources#entity_mc|here]].
 
<span id="Auditinformation"></span>
=== Audit information ===
 
In the tab "Audit information", you record additional information relevant in the context of audits.
 
* Number of employees: The number of employees can be recorded here.
* Local Management Representative: This is the audit coordinator and contact person that should be defined for every OrgUnit of the type company.
* "Proposal to audit this OrgUnit in each audit program": These OrgUnits are proposed when the corresponding filtering checkmark is set when planning in the audit calendar or in the audit creation form.
* Certifications: Here, any standards (from standards and norms) in which the organizational unit is certified can be selected and assigned. A reg. no. and a location number can then be entered for each of these standards.
 
[[Datei:OrgEh Auditinformationen.png|left|thumb|901px| Audit information ]]
<br clear=all>
 
<span id="Sparten"></span>
== Divisions ==
 
OrgUnits can be assigned several divisions, depending on their field of activity.
 
Under "Administration → Edit organizational units | <u>Divisions</u>", these divisions can be managed.
 
[[Datei:OrgEh Sparten.png|left|thumb|900px| Divisions]]
<br clear=all>
 
<span id="Sparte_erstellen/bearbeiten"></span>
=== Create/edit division ===
 
A new division can be created by clicking the "Plus" button.
 
By double-clicking on a division, it can be edited.
 
[[Datei:OrgEh Sparte bearbeiten.png|left|thumb|900px| Edit division]]
<br clear=all>
 
<span id="Themenverantwortung"></span>
== Topic responsibility<span class="anchor" id="ThemVer"></span> ==
 
Topic responsibilities are used for the bulk creation of measures in the context of dossiers in the case management. In them, you can designate responsibilities for certain topics by organizational units.
 
<span id="Themenverantwortungen_aktivieren"></span>
===Activate topic responsibilities===
 
To be able to use topic responsibilities, the checkbox "Topic responsibilities" must first be selected under "Measures → Settings → General". This displays the tab under "Administration → OrgUnits".
 
[[Datei:TV_Breadcrumb.png|left|thumb|900px|Topic responsibility]]
<br clear=all>
 
<span id="Themenverantwortung_erstellen/bearbeiten"></span>
===Create/edit topic responsibility===
 
A new topic responsibility can be created by clicking the "Plus" button.
 
By double-clicking on a topic responsibility, it can be edited.
 
[[Datei:TV_ITIncident.png|left|thumb|900px|Edit topic responsibility]]
<br clear=all>
 
For the topic responsibility, select the desired organizational units for the respective topic.
 
::<u>Note</u>: OrgUnits that are activated in the current analysis period are available for selection; the others are not selectable.
 
A responsible person or a responsible team must be entered for every selected organizational unit. They will received the measures for implementation when those are created in bulk.
 
For each selected organizational unit, the responsible person (from Administration → OrgUnits → Organizational units) is pre-filled. If no responsible person is defined there, this field is empty. If no OU-responsible is available, a topic responsible <b>must</b> be entered so the organizational unit can be selected.
 
If an OU-responsible is pre-filled, the responsible person for the specific topic can be replaced manually by another user or a team (manually set topic responsibles are displayed as bold).
 
::<u>Note</u>: This does not change the responsible in the organizational unit itself. A change within "Administration → OrgUnits → Organizational units" also does not overwrite the topic responsibles set manually here.
 
<span id="Themenverantwortung_verwenden"></span>
===Use topic responsibility===
 
Topic responsibilities are used for the [[Special:MyLanguage/Akten#Mehrfachanlage_von_Maßnahmen|bulk creation of measures]] in dossiers.

Aktuelle Version vom 5. August 2024, 11:54 Uhr

A company consists of organizational units that participate in the individual processing procedures. These, in turn, take place in one or several organizational units. The creation and processing of data taking place in these organizational units during the individual process steps is predominantly IT-supported and with the use of IT systems. The more vital the organizational unit, the greater the potential damage, and the greater the requirements for availability, confidentiality and integrity of the data or systems.

The structure of the organizational units should be hierarchical.

Important: To be able to use OrgUnits in a management system, they need to be activated for the active analysis period! When a new OrgUnit is created, it is automatically assigned to all active (current) analysis periods and thereby activated, if the OrgUnit has been subordinated to another one and this superordinate OrgUnit is already activated in the respective management system. If there is no parent OrgUnit, the newly created OrgUnit will not be automatically activated in all management systems. This needs to then be done manually. For more information, see "Administration → Management System → Analysis Periods".

Display from structural analysis from risk management


Create/edit/delete organizational unit

OrgUnits can be created or edited by administrators and experts via "Administration → OrgUnits".

Organizational structures mask


To create a new OrgUnit, click the "Plus" button.

To edit an existing OrgUnit, double-click into the corresponding OrgUnit's row.

Create/edit organizational unit


Code and name:

  • For the code, enter how the OrgUnit should be abbreviated.
  • For the name, enter the name of the OrgUnit.

Sort order: This defines how the OrgUnits are listed in linear lists (e.g. in a report).

Superordinate OrgUn: Here, you state how the OrgUnit fits into the hierarchy. For example, which company a department belongs to.

Type: Here, you specify what type of organizational unit it is: Group, Company, Department, Entity, Branch

Division: Here, you define in which divisions the OrgUnit is active.

Responsible: The person entered here is responsible for the OrgUnit. For example, a department head.

Description: Here, you describe the OrgUnit.

Closed: If an OrgUnit is closed, it will only be displayed on this page. It can no longer be selected for new audits, reviews, processing activities and so on. Deactivating it has no effect on current assignments. Merely for reports, the OrgUnit can still be selected.

Active from/to Here you define the time period in which the OrgUnit should be active in HITGuard. If the OrgUnit is no longer active, but not closed, it can still be selected anywhere, but is displayed in italics to signal that it is inactive.

ID in third-party systems: This field is used to synchronize an OrgUnit with a third-party system. Synchronization requires a data import, in which the same ID is set.

Risks: All risks of the OrgUnit are listed here. It is not possible to assign risks here. More about risks can be found here.

Address: Here, you enter the address of the OrgUnit and tick whether the organizational unit is outside of the EU.

Delete OrgUnit: To delete an OrgUnit, click on the red trash can in the edit screen. In order for an OrgUnit to be deletable, nothing can be linked to it. This means that, for example, all assigned measures, control definitions and processing messages have to be linked to a different OrgUnit or be themselves deleted. The OrgUnit must also not be linked to any active or closed analysis period.

Data protection management system

If the active management system is the data protection management system, it is possible to record appropriate safeguards (underneath the address) as well as the contact data of the data protection officer of the OrgUnit. These are required for evaluation in data protection management.

If no data protection officer is found during evaluations for an OrgUnit, the officer of the higher-level OrgUnit is used. This means that if there is only one officer in the organizational structure, this officer's information only needs to be entered in the top-level OrgUnit.

Data Protection Officer


Deviations/measures/controls

The behavior is the same as for resources. More about this here.

Audit information

In the tab "Audit information", you record additional information relevant in the context of audits.

  • Number of employees: The number of employees can be recorded here.
  • Local Management Representative: This is the audit coordinator and contact person that should be defined for every OrgUnit of the type company.
  • "Proposal to audit this OrgUnit in each audit program": These OrgUnits are proposed when the corresponding filtering checkmark is set when planning in the audit calendar or in the audit creation form.
  • Certifications: Here, any standards (from standards and norms) in which the organizational unit is certified can be selected and assigned. A reg. no. and a location number can then be entered for each of these standards.
Audit information


Divisions

OrgUnits can be assigned several divisions, depending on their field of activity.

Under "Administration → Edit organizational units | Divisions", these divisions can be managed.

Divisions


Create/edit division

A new division can be created by clicking the "Plus" button.

By double-clicking on a division, it can be edited.

Edit division


Topic responsibility

Topic responsibilities are used for the bulk creation of measures in the context of dossiers in the case management. In them, you can designate responsibilities for certain topics by organizational units.

Activate topic responsibilities

To be able to use topic responsibilities, the checkbox "Topic responsibilities" must first be selected under "Measures → Settings → General". This displays the tab under "Administration → OrgUnits".

Topic responsibility


Create/edit topic responsibility

A new topic responsibility can be created by clicking the "Plus" button.

By double-clicking on a topic responsibility, it can be edited.

Edit topic responsibility


For the topic responsibility, select the desired organizational units for the respective topic.

Note: OrgUnits that are activated in the current analysis period are available for selection; the others are not selectable.

A responsible person or a responsible team must be entered for every selected organizational unit. They will received the measures for implementation when those are created in bulk.

For each selected organizational unit, the responsible person (from Administration → OrgUnits → Organizational units) is pre-filled. If no responsible person is defined there, this field is empty. If no OU-responsible is available, a topic responsible must be entered so the organizational unit can be selected.

If an OU-responsible is pre-filled, the responsible person for the specific topic can be replaced manually by another user or a team (manually set topic responsibles are displayed as bold).

Note: This does not change the responsible in the organizational unit itself. A change within "Administration → OrgUnits → Organizational units" also does not overwrite the topic responsibles set manually here.

Use topic responsibility

Topic responsibilities are used for the bulk creation of measures in dossiers.

Abgerufen von „https://userguide.hitguard.de/index.php?title=OrgEh_-_Organisationseinheiten/en&oldid=31808
Zuletzt geändert
Diese Seite wurde zuletzt am 5. August 2024 um 11:54 Uhr bearbeitet.