Glossar/en: Difference between revisions
Isan (talk | contributions): the page was created. Tags: mobile web edit, mobile edit
Revision as of 23 October 2023, 13:30
Glossary
Clarification needed
In the course of a review, there can be uncertainty regarding the answer to a review question. Sometimes further queries arise that cannot be answered right away. These review questions can be marked with "Clarification needed". They are then listed in the overview under Risk management → Vulnerabilities → Clarification needed and can be worked through there without further effort.
More on the Clarification needed tag can be found under Vulnerabilities → Clarification needed.
Gap
A gap is the difference from the desired target score that is identified in a gap analysis or a review result. Generally, these are underfulfillments, which are then shown as risks or clustered as such, and mitigated or eliminated with measures. Overfulfillments are also identified and can be useful in opportunity management.
Gap analysis
TBT
Dossier
TBT
Analysis period
TBT
Audit cluster
TBT
Observer
Observers are a user role in HITGuard.
For more on user roles, see Administration → Users/User roles.
Compliance manager
Compliance managers are a user role in HITGuard.
For more on user roles, see Administration → Users/User roles.
DPIA
DPIA stands for data protection impact assessment (DSFA in German). According to the GDPR, a documented decision must be made for each processing activity (PA) as to whether a data protection impact assessment (DPIA) is to be carried out. This is done in the course of a so-called DPIA requirement assessment. This DPIA and DPIA requirement check can be performed in HITGuard under Data protection → DPIA.
Experts
Experts are a user role in HITGuard.
For more on user roles, see Administration → Users/User roles.
ID in third party system
In HITGuard, it is possible to import existing data, e.g. hazard situations or organizational units, from other sources (e.g. SAP). The ID makes it possible to keep data consistent across applications. If an import is performed and the ID of the import data set matches an existing ID, then a new data set is not imported, but the existing data set is updated with the import data set.
Example: You use SAP to manage organizational units and import them monthly to HITGuard to bring all changes from SAP into HITGuard.
For more information, see Data import.
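The import rule described above, matching on the ID from the third-party system and updating the existing data set instead of creating a duplicate, as an added illustration that is not HITGuard's own import code. The record structure, field names (third_party_id, name, parent, internal_id) and the sample SAP keys are constructed assumptions; the page only specifies the matching behaviour. The example also treats an incoming record without any ID as a new record, since such a record cannot match an existing ID:

```python
"""Upsert-style import keyed on the ID in the third-party system.

Added example, not HITGuard's own code: it models the rule that an incoming
record whose ID matches an existing record updates that record, and that
every other record is created. Field names are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class OrgUnit:
    third_party_id: Optional[str]  # ID in third party system, e.g. an SAP key (assumed field name)
    name: str
    parent: Optional[str] = None   # third-party ID of the parent unit, if any
    internal_id: int = 0           # key on the importing side, assigned on creation


@dataclass
class ImportResult:
    created: list[int] = field(default_factory=list)   # internal IDs of new units
    updated: list[int] = field(default_factory=list)   # internal IDs of updated units


def import_org_units(existing: list[OrgUnit], incoming: list[dict]) -> ImportResult:
    """Apply one import batch to `existing` in place.

    - a record whose third_party_id matches an existing unit updates that unit
    - any other record (unknown ID, or no ID at all) is created as a new unit
    Re-running the same batch therefore never produces duplicates.
    """
    by_ext_id = {u.third_party_id: u for u in existing if u.third_party_id}
    next_id = max((u.internal_id for u in existing), default=0) + 1
    result = ImportResult()
    for rec in incoming:
        ext_id = rec.get("third_party_id")
        target = by_ext_id.get(ext_id) if ext_id else None
        if target is not None:
            # Same ID: the existing data set is overwritten with the import data set.
            target.name = rec["name"]
            target.parent = rec.get("parent")
            result.updated.append(target.internal_id)
        else:
            unit = OrgUnit(ext_id, rec["name"], rec.get("parent"), next_id)
            next_id += 1
            existing.append(unit)
            if ext_id:
                by_ext_id[ext_id] = unit
            result.created.append(unit.internal_id)
    return result


def demo() -> tuple[list[OrgUnit], ImportResult]:
    """Constructed sample: last month's state plus this month's SAP export."""
    existing = [
        OrgUnit("SAP-0010", "Finance", None, 1),
        OrgUnit("SAP-0020", "IT Operations", "SAP-0010", 2),
    ]
    incoming = [
        {"third_party_id": "SAP-0010", "name": "Finance & Controlling"},              # renamed
        {"third_party_id": "SAP-0020", "name": "IT Operations", "parent": "SAP-0010"},  # unchanged
        {"third_party_id": "SAP-0030", "name": "Legal", "parent": "SAP-0010"},          # new unit
    ]
    result = import_org_units(existing, incoming)
    return existing, result


if __name__ == "__main__":
    units, res = demo()
    print("created:", res.created, "updated:", res.updated)
    for u in units:
        print(u)
```

Note that a record with an unchanged payload still counts as an update, because the rule is driven purely by the ID match; a practitioner who wants change statistics would compare fields before writing. The in-memory list stands in for the HITGuard data store only for the sake of the example.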
KPI
The term KPI stands for key performance indicator and is used in business administration to describe key figures that can be used to measure and/or determine progress or the degree of fulfillment with regard to important objectives or critical success factors within an organization.
LDAP
LDAP or Lightweight Directory Access Protocol is a network protocol standard that can be used in HITGuard to authenticate users. This allows users to log in using the credentials from your Authentication Provider.
For more information about this, see Login options and Global settings.
OrgUnit
OrgUnits, or organizational units, map the structure of a company. A company usually consists of several organizational units that participate in the individual process steps, which in turn take place in one or more organizational units. The creation and processing of data in these organizational units during the individual process steps is predominantly IT-supported, using IT systems. In HITGuard, the process steps occurring in an OrgUnit, as well as the data and resources used in the process, can be mapped with the Structural analysis.
Practitioners
Practitioners are a user role in HITGuard.
For more on user roles, see Administration → Users/User roles.
Professionals
Professionals are a user role in HITGuard. For more on user roles, see Administration → Users/User roles.
Review result (Prüfergebnis, PE)
For a review result, question catalogues and their answers that do not originate from a knowledge base are entered into HITGuard with the help of a wizard. The review objects and review questions can be recorded fully answered after a review, worked on jointly in an interview, or sent to the responsible person and/or interview partner for a self assessment. In this way, for example, the contents of an external audit can be documented and included in evaluations.
Risk policy (Risikopolitik)
The risk policy is a collection of parameters and settings for risk management in HITGuard. These include, for example, the protection goals, extents of damage, probabilities of occurrence and the risk matrix. Under Risk management → Risk policy, these and further factors can be configured for all management systems in order to get the maximum benefit from the various analyses and workflows in risk management.
More on the risk policy can be found under Risk management → Risk policy.
RPO
RPO, or Recovery Point Objective, indicates how much data loss can be accepted. The RPO specifies the period of time that may elapse between two data backups; in other words, it bounds the amount of data or transactions that can be lost between the last backup and a system failure. If no data loss is acceptable, the RPO is 0 seconds.
RTO
RTO, or Recovery Time Objective, specifies how long a business process or system may be down. The RTO specifies the time that may pass from the moment of damage until the complete recovery of the business processes (recovery of: infrastructure, data, reprocessing of data, resumption of activities). The time period can range from 0 minutes (systems must be available immediately) to several days, in some cases weeks.
Case worker (Sachbearbeiter)
The case worker is the user to whom the responsible person assigns the processing of a task in the various HITGuard modules. For many elements, such as risks or processing activities, both a responsible person and a case worker are defined so that work can be delegated.
Self Assessment
If a review, protection needs analysis or processing activity in HITGuard is of the Self Assessment type, this means that the activity is to be carried out by, for example, the case worker or the interview partner. The responsible person can then request a response to the activity from the case worker or interview partner. The case worker or interview partner answers it and returns it to the responsible person, who can then check and accept the response or request a new one.
TOMs
TOMs are technical and organizational measures or controls used for handling personal data.
According to Art. 32 GDPR, controllers and processors are required to take appropriate technical and organizational measures (TOMs for short) to ensure a level of protection appropriate to the risk. The criteria that TOMs must meet, as well as some examples of appropriate measures, are described in Art. 32(1) GDPR.
For more on the creation and use of TOMs in HITGuard, see Data protection → TOMs.
Review (Überprüfung)
There are three types of reviews in HITGuard:
- Gap analyses
- Protection needs analyses
- Review results
Implementer (Umsetzer)
The implementer is defined in control definitions. It is the user who carries out the control after it has been triggered and then returns it for checking. More on controls can be found under Control definitions.
Responsible person (Verantwortlicher)
For the various elements in HITGuard, one (or more) responsible persons or one (or more) responsible teams can be defined. For master data elements (e.g. resources or organizational units), the responsible person is purely informative and is currently not actively involved in workflows. For elements of the various management modules, the responsible person is also involved in workflows: for example, they implement a measure and report its progress, review risks and processing activities, and see reviews under My tasks.
The role of the responsible person for each element follows from the context, or can be looked up on the respective page of the online help.
Processing activity/PA
PA is the abbreviation for processing activity. A legal definition of the term can be found in Art. 4 of the GDPR, where the term "processing" is defined as follows:
- any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.
This means that any operation or process which in any way processes personal data, whether the data is only stored or used for analysis, is a processing activity.
Effectiveness check (Wirksamkeitsprüfung)
An effectiveness check serves to determine whether the implementation of a measure has achieved the desired effect in the short or also in the long term. This is checked in the form of a follow-up measure that deals with the new actual state.
Knowledge base (Wissensdatenbank, WDB)
A knowledge base is a catalogue of review questions on the basis of which compliance and score can be determined. Knowledge bases can be obtained from TogetherSecure as a subscription or created freely directly in the tool.
More on knowledge bases can be found under Administration → Knowledge bases.