Somo 1Majukumu ya wafanyabiashara na muundo wa utawala: maafisa wa kuripoti wa ndani, naibu, Sheria, HR na majukumu ya watoa huduma wa njeSehemu hii inafafanua muundo wa utawala na majukumu ya wafanyabiashara. Inafafanua majukumu ya maafisa wa kuripoti wa ndani, naibu, Sheria, HR na watoa huduma wa nje, na inaelezea njia za kupandisha, kinga za uhuru na mipango ya cheche.
Mandate of the internal reporting officerDeputy arrangements and business continuityInterfaces with Legal, HR, and ComplianceUse of external ombuds or hotline providersIndependence, conflicts, and reporting linesSomo 2Uchora wa mchakato: uchukuzi, uchambuzi, tathmini ya awali, uchunguzi rasmi, hatua za kurekebisha, kufungaSehemu hii inaelezea jinsi ya kuchora mwendo wa kuripoti wa mwisho kutoka kwa uchukuzi hadi kufunga. Inafafanua uchambuzi, tathmini ya awali, uchunguzi rasmi, hatua za kurekebisha na hati, ikihakikisha uwazi wa majukumu, ratiba na pointi za maamuzi.
Designing the intake and registration stepsTriage rules and risk-based prioritizationPreliminary assessment and scopingFormal investigation workflow and controlsCorrective action, closure, and lessons learnedSomo 3Udhibiti wa ufikiaji na ruhusa zinazotegemea majukumu kwa mifumo ya uchukuzi, uchunguzi na hifadhiSehemu hii inafafanua dhana za udhibiti wa ufikiaji kwa mifumo ya kuripoti. Inashughulikia ruhusa zinazotegemea majukumu, kutenganisha majukumu, haki ndogo na kuhifadhi salama, ikihakikisha kuwa wafanyakazi walioidhinishwa pekee wanaweza kuona, kuhariri au kusafirisha data nyeti ya kesi.
Role design for intake and investigation teamsLeast privilege and need-to-know principlesSegregation of duties and conflict checksAccess reviews and recertification cyclesSecure archive access and export controlsSomo 4Hatua za kiufundi na kimfumo kwa usiri: usimbu fiche, kutumia majina ya siri, kumbukumbu za ukaguzi, ratiba za uhifadhiSehemu hii inaelezea kinga za kiufundi na kimfumo kwa usiri, ikijumuisha usimbu fiche, kutumia majina ya siri, udhibiti wa ufikiaji, kuingiza na uhifadhi. Inahusisha hatua hizi na mahitaji ya kisheria, tathmini za hatari na sera za usalama wa ndani.
End-to-end encryption for reporting channelsPseudonymisation and data minimization rulesSecure storage, backups, and key managementAudit logging and monitoring of accessRetention schedules and secure deletionSomo 5Utawala wa kupandisha na kuripoti kwa bodi: wakati wa kuwahusisha wasimamizi wakubwa, Sheria, Kamati ya Kuzingatia SheriaSehemu hii inaelezea sheria za kupandisha, miundo ya utawala na kuripoti kwa bodi. Inafafanua wakati wa kuwahusisha wasimamizi wakubwa, Sheria au miili ya Kuzingatia Sheria, na jinsi ya kuandika maamuzi, kulinda uhuru na kuepuka hatari za kulipiza kisasi.
Escalation criteria and materiality thresholdsRoles of senior management in case handlingInvolvement of Legal and Compliance bodiesBoard and committee reporting formatsDocumenting escalation decisionsSomo 6Chaguo na ufafanuzi wa njia za kuripoti (fomu za uchukuzi mtandaoni salama, hotline ya simu, posta, ana kwa ana, barua pepe iliyotumwa)Sehemu hii inaelezea jinsi ya kuchagua na kufafanua njia za kuripoti, ikijumuisha fomu za uchukuzi mtandaoni, hotline ya simu, posta, ana kwa ana na barua pepe iliyotumwa. Inashughulikia usalama, utumiaji rahisi, upatikanaji na hati ili kuhakikisha ufikiaji wa kuaminika na kufuata sheria kwa wote wanaoripoti.
Channel mix: online, phone, postal, in-personSecurity requirements for each channel typeDesigning usable and clear intake formsDelegated email and mailbox managementBusiness continuity and fallback channelsSomo 7Tarehe za mwisho na SLA zinazofuata HinSchG: muda wa kutambua, hatua za uchunguzi, maoni kwa mwandishiSehemu hii inalenga tarehe za mwisho na SLA chini ya HinSchG. Inaelezea ratiba za kutambua, hatua za uchunguzi na wajibu wa maoni, na inaonyesha jinsi ya kuzipachika katika taratibu, zana na dashibodi za kufuatilia kwa kufuata sheria.
HinSchG timelines and legal benchmarksAcknowledgement and status update deadlinesInvestigation duration and milestone trackingFeedback obligations to the reporterMonitoring SLA breaches and remediationSomo 8Mahitaji ya lugha nyingi na upatikanaji (Kijerumani, Kiingereza na mazingatio ya lugha ya Kijerumani-Austria; chaguo za kuripoti bila jina)Sehemu hii inashughulikia mahitaji ya lugha nyingi na upatikanaji kwa wanaoripoti. Inashughulikia matumizi ya Kijerumani na Kiingereza, tofauti za Austria, lugha rahisi, chaguo za kutofichua jina na mipango kwa ulemavu, ikihakikisha ufikiaji sawa na salama kwa njia zote za kuripoti.
Language strategy for German and EnglishHandling Austrian-German terminologyPlain language and easy-to-read draftingAccessibility for disabilities and assistive techAnonymous and confidential reporting optionsSomo 9Tathmini ya watoa huduma wa tatu na vifungu vya mkataba (DPA, usiri, haki za ukaguzi, SLA kwa nyakati za majibu)Sehemu hii inaongoza tathmini ya watoa huduma wa nje wa hotline au jukwaa. Inashughulikia uchunguzi wa kina, DPA, usiri, haki za ukaguzi, SLA na kufuatilia endelevu ili kuhakikisha kufuata sheria, usalama wa data na utoaji wa huduma wa kuaminika.
Due diligence on hotline and platform vendorsData Processing Agreement key clausesConfidentiality and conflict-of-interest termsAudit and inspection rights in contractsSLAs for uptime and response timesSomo 10Hati za templeti na uhifadhi wa rekodi: fomu za uchukuzi, barua za kutambua, mipango ya uchunguzi, ripoti za mwisho, templeti za kurekebishaSehemu hii inashughulikia templeti za lazima na rekodi katika mzunguko wa maisha ya kesi. Inaelezea jinsi ya kusawazisha uchukuzi, kutambua, mipango ya uchunguzi, ripoti na marekebisho ili kuhakikisha usawaziko, uwezo wa ukaguzi na kufuata HinSchG na GDPR.
Standardized intake and case opening formsAcknowledgement and follow-up letter templatesInvestigation planning and scoping templatesFinal report and management summary formatsRedaction standards for shared documents
