1-darsOperator rollari va boshqaruv modeli: ichki hisobot ofitseri(lar), o'rinbosar, Huquqiy, HR va tashqi provayder rollariUshbu bo'lim boshqaruv modelini va operator rollarini aniqlashtiradi. Ichki hisobot ofitserlari, o'rinbosarlari, Huquqiy, HR va tashqi provayderlar mas'uliyatlarini belgilaydi va eskalsatsiya yo'llari, mustaqillik himoyasi va zaxira tartiblarini tushuntiradi.
Mandate of the internal reporting officerDeputy arrangements and business continuityInterfaces with Legal, HR, and ComplianceUse of external ombuds or hotline providersIndependence, conflicts, and reporting lines2-darsJarayon xaritalash: qabul qilish, triage, dastlabki baholash, rasmiy tergov, tuzatish choralari, yopishUshbu bo'lim qabul qilishdan yopishgacha bo'lgan to'liq hisobot jarayonini xaritalashni tushuntiradi. Triage, dastlabki baholash, rasmiy tergov, tuzatish choralar va hujjatlashtirishni belgilaydi, rollar, muddatlar va qaror nuqtalarini aniqlashtiradi.
Designing the intake and registration stepsTriage rules and risk-based prioritizationPreliminary assessment and scopingFormal investigation workflow and controlsCorrective action, closure, and lessons learned3-darsQabul qilish, tergov va arxiv tizimlari uchun kirish nazorati va rolga asoslangan ruxsatlarUshbu bo'lim hisobot tizimlari uchun kirish nazorati tushunchalarini belgilaydi. Rolga asoslangan ruxsatlar, vazifalarni ajratish, eng kam imtiyoz va xavfsiz arxivlashni qamrab oladi, faqat ruxsat etilgan xodimlar sezgir ish ma'lumotlarini ko'rish, tahrirlash yoki eksport qilishini ta'minlaydi.
Role design for intake and investigation teamsLeast privilege and need-to-know principlesSegregation of duties and conflict checksAccess reviews and recertification cyclesSecure archive access and export controls4-darsMaxfiylik uchun texnik va tashkiliy choralar: shifrlash, psevdonimlashtirish, audit jurnallari, saqlash jadvaliUshbu bo'lim maxfiylik uchun texnik va tashkiliy himoya choralari batafsil, shifrlash, psevdonimlashtirish, kirish nazorati, logging va saqlashni qamrab oladi. Ushbu choralarni huquqiy talablar, xavf baholash va ichki xavfsizlik siyosatlariga bog'laydi.
End-to-end encryption for reporting channelsPseudonymisation and data minimization rulesSecure storage, backups, and key managementAudit logging and monitoring of accessRetention schedules and secure deletion5-darsEskalsatsiya boshqaruvi va kengash hisoboti: yuqori rahbariyat, Huquqiy, Compliance qo'mitasini jalb qilish vaqtiUshbu bo'lim eskalsatsiya qoidalari, boshqaruv tuzilmalari va kengash hisobotini tushuntiradi. Yuqori rahbariyat, Huquqiy yoki Compliance organlarini jalb qilish vaqtini aniqlashtiradi va qarorlarni hujjatlashtirish, mustaqillikni himoya qilish va qasos xavfini oldini olishni ko'rsatadi.
Escalation criteria and materiality thresholdsRoles of senior management in case handlingInvolvement of Legal and Compliance bodiesBoard and committee reporting formatsDocumenting escalation decisions6-darsHisobot kanallarini tanlash va belgilash (xavfsiz onlayn qabul formulalari, telefon hotline, pochta, shaxsan, topshirilgan email)Ushbu bo'lim hisobot kanallarini tanlash va belgilashni, onlayn formulalar, hotline, pochta, shaxsan va emailni qamrab tushuntiradi. Xavfsizlik, qulaylik, mavjudlik va hujjatlashtirishni qamrab oladi, barcha xabardorlar uchun ishonchli, qonuniy kirishni ta'minlaydi.
Channel mix: online, phone, postal, in-personSecurity requirements for each channel typeDesigning usable and clear intake formsDelegated email and mailbox managementBusiness continuity and fallback channels7-darsHinSchG ga mos muddatlar va SLA: tasdiqlash muddati, tergov bosqichlari, xabardorga fikr bildirishUshbu bo'lim HinSchG bo'yicha muddatlar va SLA ga e'tibor qaratadi. Tasdiqlash muddatlari, tergov bosqichlari va fikr bildirish majburiyatlarini tushuntiradi va ularni jarayonlar, vositalar va monitoring dashboardlariga joylashtirishni ko'rsatadi.
HinSchG timelines and legal benchmarksAcknowledgement and status update deadlinesInvestigation duration and milestone trackingFeedback obligations to the reporterMonitoring SLA breaches and remediation8-darsKo'p tilli va kirish imkoniyatlari talablari (nemis, ingliz va nemis-avstriya til masalalari; anonim hisobot variantlari)Ushbu bo'lim xabardorlar uchun ko'p tilli va kirish imkoniyatlari ehtiyojlarini hal qiladi. Nemis va ingliz tilidan foydalanish, avstriya variantlari, oddiy til, anonim variantlar va nogironliklar uchun imkoniyatlarni qamrab oladi, barcha hisobot kanallariga teng, xavfsiz kirishni ta'minlaydi.
Language strategy for German and EnglishHandling Austrian-German terminologyPlain language and easy-to-read draftingAccessibility for disabilities and assistive techAnonymous and confidential reporting options9-darsUchinchi tomon provayder baholash va shartnoma bandlari (DPA, maxfiylik, audit huquqlari, javob vaqti uchun SLA)Ushbu bo'lim tashqi hotline yoki platforma provayderlarini baholashga yo'l ko'rsatadi. Tekshiruv, DPA, maxfiylik, audit huquqlari, SLA va doimiy monitoringni qamrab oladi, huquqiy rioya, ma'lumot xavfsizligi va ishonchli xizmat yetkazib berishni ta'minlaydi.
Due diligence on hotline and platform vendorsData Processing Agreement key clausesConfidentiality and conflict-of-interest termsAudit and inspection rights in contractsSLAs for uptime and response times10-darsShablon hujjatlar va yozuvlarni saqlash: qabul formulalari, tasdiqlash xatlari, tergov rejalari, yakuniy hisobotlar, tahrirlash shablonlariUshbu bo'lim ish hayoti davomida majburiy shablonlar va yozuvlarni qamrab oladi. Qabul qilish, tasdiqlashlar, tergov rejalari, hisobotlar va tahrirlashlarni standartlashtirishni tushuntiradi, izchillik, audit va HinSchG hamda GDPR ga rioya qilishni ta'minlaydi.
Standardized intake and case opening formsAcknowledgement and follow-up letter templatesInvestigation planning and scoping templatesFinal report and management summary formatsRedaction standards for shared documents
