WO2015150895A1 - System and method for the control and monitoring of normative-legal obligations

Info

Publication number
WO2015150895A1
Authority
WO
WIPO (PCT)
Prior art keywords
legal
server
monitoring
obligations
control
Prior art date
Application number
PCT/IB2015/000404
Other languages
English (en)
Spanish (es)
Inventor
Héctor SAN-ROMÁN-RIVERA
Original Assignee
San-Román-Rivera Héctor
Priority date
Filing date
Publication date
Application filed by San-Román-Rivera Héctor
Publication of WO2015150895A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/10: Office automation; Time management

Definitions

  • the present invention relates to systems that facilitate regulatory and legal compliance by means of methods that allow precise control and monitoring of each of the activities assigned to the user of the system, and more particularly to a system and procedure for the control and monitoring of legal-regulatory obligations.
  • legal obligations may include actions that are required to be carried out with respect to an issue and may be based on policies (retention policies, privacy policies and security policies). These legal obligations may include, for example, a legal hold to preserve potential evidence data on the site or collect potential evidence data.
  • the system described above is related to specific legal obligations for data, which differ totally from what is intended to be protected in the present invention, since they solve different technical problems.
  • US Patent Application No. US 2007/0061158 A (Fry et al.), which describes systems, methods and machine-readable means to administer compliance with legal obligations using complexity factors.
  • said method comprises: receiving, in a compliance assurance system, legal obligation information for a plurality of legal obligations; receiving, in the compliance assurance system, a complexity factor associated with the respective legal obligation; storing, in the compliance assurance system, the legal obligation information and complexity factors; creating a report with the compliance assurance system; and showing said report.
  • a further example of systems for monitoring regulatory obligations is described in US Patent Application No. US 2007/0061156 A (Fry et al.).
  • a compliance assurance system comprising a user interface, a logic and a data storage.
  • the user interface is configured to receive a request from a user to show at least a subset of legal obligations assigned to the user and to show the subset of legal obligations.
  • the logic is configured to obtain the subset of legal obligations of data storage.
  • Data storage includes a plurality of legal obligations and a plurality of compliance plans, each associated with one of the legal obligations. Compliance plans specify at least one action to comply with the associated legal obligation.
  • a further object of the present invention is to provide a system and procedure for the control and monitoring of legal-regulatory obligations, which allows the permanent updating of the applicable regulations remotely.
  • Another object of the present invention is to provide a system and procedure for the control and monitoring of legal-regulatory obligations, which allows the protection of the information contained in a database in order to, where appropriate, enable and facilitate the generation of all kinds of reports, including White Books.
  • the present invention is related to a system for the control and follow-up of the legal-regulatory obligations that govern the company, institution or public body where said system is implemented.
  • the present system comprises at least one electronic device that stores and processes information, to be operated by a user and is interconnected to a first server and a second server; a first server that stores and processes information, which is interconnected with the electronic device and with a second server; and a second server that stores and processes information, which is interconnected with the electronic device and with the first server; the second server may be located geographically in a position close or remote to the first server.
  • the electronic device is assigned to and operated by a user of the system, where said user represents an employee or an official of the company, institution or public body where said system for control and monitoring is implemented, and it is through said electronic device that the user manages his participation within the system.
  • Said electronic device comprises an information processing module that is responsible for processing and displaying the information that comes from both the first server and the second server.
  • the first server is responsible for storing a first database, which contains information on each of the users of this system for control and monitoring and a second database, which includes the regulatory universe that governs the company, institution or public body where said system is implemented.
  • the second server has an update module, which is responsible for carrying out, whenever required, the update of the information processing module of the electronic device and the update of the second database stored on the first server.
  • each of the following stages must be carried out: definition of the organizational structure; definition of a normative universe; carry out a normative dissection; assignment of compliance; compliance attention; generation of evidence of compliance; and, regulatory update.
  • Figure 1 is a block diagram of the arrangement of the elements that make up a preferred embodiment of the system for the control and monitoring of legal-regulatory obligations of the present invention.
  • Figure 2 is a block diagram of the sequence of the steps that make up the procedure for the control and monitoring of legal-regulatory obligations of the present invention.
  • FIG. 1 shows the arrangement and elements that make up the system for the control and monitoring of legal-regulatory obligations 10, object of the present invention, formed according to a particularly preferred embodiment, which should be considered only as illustrative but not limited thereto, wherein said system for control and monitoring 10 comprises: at least one electronic device 100 that stores and processes information, to be operated by a user 101 and is interconnected to a first server 200 and a second server 300; a first server 200 that stores and processes information, which is interconnected with the electronic device 100 and with a second server 300; and a second server 300 that stores and processes information, which is interconnected with the electronic device 100 and with the first server 200; the second server 300 may be located geographically in a position close or remote to the first server 200.
  • the electronic device 100 is preferably a computer equipment that contains all the electrical and electronic elements necessary to allow the storage of information from both the first server 200 and the second server 300, in addition to also having all the necessary elements for processing and generation of instructions and information to said first server 200 and second server 300.
  • some elements that make up the electronic device 100 are at least one power source; a memory device; a processing element; a network card (wired and/or wireless); peripheral input devices (keyboard and/or mouse); and peripheral output devices (printer and/or monitor).
  • a desktop computer, a laptop or a smart cell phone; preferably a desktop computer is used in the present mode.
  • the electronic device 100 is assigned and operated by a user
  • the electronic device 100 assigned to it has an information processing module 110, which is responsible for processing and displaying the information that comes from both the first server 200 and the second server 300.
  • Said information processing module 110 has a graphical interface that is displayed on one of the peripheral output devices (monitor) of the electronic device 100.
  • the user 101 is assigned an email account 120 where he can check, among other things, notifications of obligations that are about to expire, which will be detailed later.
  • the first server 200 is preferably a computer equipment that contains all the electrical and electronic elements necessary to allow the storage and processing of information from both the electronic device 100 and the second server 300. Some elements that make up the first server 200 are at least one power supply; a memory device; a processing element; a network card (wired and/or wireless); peripheral input devices (keyboard and/or mouse); and peripheral output devices (printer and/or monitor).
  • the first server 200 is responsible for storing a first database 210, which contains information on each of the users 101 of the present system for control and monitoring 10 and a second database 220, which comprises the regulatory universe that governs the company, institution or public body where said system 10 is implemented, which will be detailed in subsequent paragraphs.
  • the second server 300 is preferably a computer equipment that contains all the electrical and electronic elements necessary to allow the storage and processing of information from both the electronic device 100 and the first server 200. Some elements that make up the second server 300 are at least one power source; a memory device; a processing element; a network card (wired and / or wireless); peripheral input devices (keyboard and / or mouse); and peripheral output devices (printer and / or monitor). Said second server 300 may be geographically located at a location near the first server 200 or at a distant location, making it a remote server.
  • the second server 300 has an update module 310, which is responsible for carrying out, whenever required, the update of the information processing module 110 of the electronic device 100 and the update of the second database 220 stored on the first server 200.
  • the interconnection between the electronic device 100, the first server 200 and the second server 300 can be carried out by means of a local communication network (LAN type) or by means of TCP/IP protocols (Internet type).
  • the information processing module 110 is stored in the first server 200 and not in the electronic device 100, and the user 101 accesses said information processing module 110 through a web browser.
  • each of the following stages must be carried out: definition of the organizational structure 1000; definition of a normative universe 2000; carrying out a normative dissection 3000, which includes the elaboration of a normative matrix; assignment of compliance 4000; compliance attention 5000; generation of evidence of compliance 6000; and normative update 7000, which includes permanent monitoring of normative genesis.
  • each of the users 101 who are part of the company, institution or public organization where the present system for control and monitoring 10 is installed is identified and defined.
  • the internal, external, substantive and adjective normative universe that governs the company, institution or public body where the control and monitoring system 10 is implemented is identified.
  • the definition of the normative universe is the quantitative identification of which and how many laws and/or norms govern the organization (federal and state political constitutions, municipal factions, laws, decrees, international treaties, regulations, official norms, circulars, offices, manuals, permits, concessions, franchises, licenses, authorizations, policies, codes of ethics, contracts, agreements, orders, agreements, sentences, awards, resolutions, strategic projects, including those that come from the governing bodies of the institutions, etc.).
  • the digital information related to said normative universe is loaded into the second database 220 of the first server 200 for consultation and subsequent reference of at least the electronic device 100 that is interconnected to said first server 200.
  • the regulatory universe can be consulted at any time by the user 101 of the present system for control and monitoring 10 through the information processing module 110 installed in his electronic device 100.
  • With the normative universe already defined, the procedure continues with a normative dissection of said normative universe, which includes the elaboration of a normative matrix that contains, individually, each one of the rights and obligations that must be attended to by each of the users 101 of this system for control and monitoring 10; wherein said regulatory matrix also includes qualitative information on each of the obligations assigned to the user 101.
  • the regulatory matrix is stored within the first database 210 of the first server 200 and correlates with the organizational structure previously stored in said first database as well, so that each of the users 101 is assigned the obligations under his charge along with the quantification of the risks associated with compliance.
  • the regulatory matrix may contain the following information:
  • Compliance date corresponds to the date from which compliance enters the system for control and monitoring 10.
  • Date received corresponds to the date from which each user 101 responsible for compliance knows of the existence of compliance.
  • Type of periodicity corresponds to the times that an obligation must be met in a timeline (daily, weekly, monthly, etc.).
  • Priority of the right or obligation corresponds to the level of importance that has the attention of that standard (high, medium or low).
  • Risk level corresponds to the level of risk that this compliance has for the organization based on the damage that the non-compliance could generate to the organization (high, medium or low).
  • Type of risk corresponds to a classification of the different types of risks that may affect the organization (financial, legal, operational, technological, etc.).
  • Amount of the fine or penalty corresponds to the amount of money that organizations must pay when they fail to comply with an obligation.
  • Sanction corresponds to the type of punishment that the user 101 responsible for compliance will receive for failing to meet the obligations under his charge, being able to correspond an administrative, criminal, civil, etc. sanction.
  • Responsible area corresponds to the operational area within the organization that is responsible for fulfilling the task derived from compliance, for delivering the information emanating from their daily activities or for presenting evidence of compliance with the assigned task.
  • the compliance assignment stage 4000 is carried out, which consists of the assignment to the user 101, through the information processing module 110 of the electronic device 100, of each of the regulatory obligations contained in the regulatory matrix that correspond to him and for whose compliance he is directly responsible. It is worth mentioning that the hierarchical superior of the user 101 can also consult and visualize the normative-legal obligations assigned to said user 101. In this way, the assignment of compliance makes it possible to identify the obligations to be addressed in each of the areas of the organization, which achieves the institutionalization of the information, thus avoiding the breaches caused by the ignorance, absence or rotation of the personnel responsible for attending to compliance.
  • in said compliance assignment stage 4000, and according to the type of periodicity determined in the regulatory matrix, all the necessary steps are taken to configure the sending of an alert to the electronic device 100 assigned to the user 101, which, in a preferred mode, is sent via email to the email account 120 assigned to said user 101.
  • Said alert is generated for each of the obligations assigned to the user 101 and may contain the following information: notice of the assignment of a task; deadline for the fulfillment of the assigned task; time remaining until the expiration of an obligation; name of the user responsible for compliance; compliance creation date; date of assignment of compliance; compliance text; percentage of compliance progress; expiration date of compliance; and/or the financial impact of not completing compliance in due time and form.
  • One of the characteristics worth mentioning about the sending of alerts in said stage 4000 is that its configuration incorporates an ascending escalation in the hierarchy of the organization when the compliance is not attended to in a timely manner. For example, if a user 101 who has been assigned the fulfillment of a certain obligation does not fulfill said obligation adequately and in a timely manner, the alert related to said obligation is sent to the hierarchical superior of said user 101.
  • In the compliance stage 5000, the user 101, through the information processing module 110, which is executed in the electronic device 100, carries out the control and monitoring of the obligations assigned to him.
  • In the information processing module 110, the user 101 manages his participation in the present system for control and monitoring 10 and in it, the user 101 can:
  • the information processing module 110 allows the interaction between the user 101 responsible for the obligation and its hierarchical superior and / or the applicant for the information, so that the attention of each obligation is relieved according to the applicable regulations. It also allows that, in the event that compliance has not been made correctly, it is returned to the user 101 responsible for compliance for timely correction.
  • said information processing module 110 incorporates a search tool and filters on specific compliance and topics.
  • a digital can be integrated into the fulfillment of each of the assigned tasks or obligations.
  • the aforementioned evidence is included in the stage of generating evidence of compliance 6000, where said evidence is stored in the second database 220 of the first server 200, being linked to the fulfillment of each of the tasks or obligations assigned to the user 101.
  • such evidence may be consulted subsequently under the regulations in force at the time of its release, even if it is no longer in force.
  • Non-compliance task which is not incorporated into the regulatory matrix and follows a procedure similar to the incorporation of additional tasks described above.
  • the present procedure contemplates the stage of the normative update 7000, through which the normative universe contained in the second database 220 of the first server 200 is updated periodically. With said update, the updating of the normative matrix contained in said first server 200 is carried out autonomously.
  • the element in charge of carrying out all the necessary steps for the normative update 7000 is the second server 300, which, through its interconnection with the first server 200, performs a periodic monitoring of the information contained in the second database 220 and updates the information as soon as it detects that there have been modifications in the current regulations. Said activity is carried out by the update module 310 located in said second server 300, of which no further details will be given, since its operation is widely known in the state of the art.
  • This stage also includes a permanent monitoring of the normative genesis, which corresponds to the periodic review of various regulatory documents, which include the state, municipal, official gazettes of the federation, publications made by the Federal Commission of Regulatory Improvement, publications made by the chambers and industry associations, law initiatives presented in the Chamber of Deputies and Congress, assemblies of representatives, local congresses, internal areas and bodies of companies or institutions, among others, which could modify the normative universe previously defined in stage 2000, thus allowing the permanent updating of the normative matrix elaborated in stage 3000.
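
The alert configuration of stage 4000, with its ascending escalation, can be sketched as follows. This is an added example, not code from the patent or its applicant: the field names, the sample hierarchy and matrix, and the rule of climbing one further level for every `step_days` an obligation stays overdue are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed organizational structure (stage 1000): user -> hierarchical superior.
SUPERIOR = {"analyst": "area_head", "area_head": "director", "director": None}


@dataclass
class Obligation:
    """One row of the regulatory matrix (stage 3000). Field names are hypothetical."""
    text: str
    responsible: str
    assigned_on: date
    due_on: date
    risk_level: str        # high, medium or low
    fine_amount: float     # financial impact of non-compliance
    progress_pct: int = 0


def escalation_chain(user, levels):
    """Return up to `levels` hierarchical superiors of `user`, nearest first."""
    chain, seen = [], {user}
    current = SUPERIOR.get(user)
    while current is not None and current not in seen and len(chain) < levels:
        chain.append(current)
        seen.add(current)  # guards against a cyclic hierarchy definition
        current = SUPERIOR.get(current)
    return chain


def recipients_for(ob, today, step_days=7):
    """Decide who receives the alert for one obligation on `today`."""
    if ob.progress_pct >= 100:
        return []  # compliance already attended to, nothing to send
    recipients = [ob.responsible]
    days_overdue = (today - ob.due_on).days
    if days_overdue > 0:
        # Assumption: one level at expiry, one more per further `step_days` overdue.
        levels = 1 + (days_overdue - 1) // step_days
        recipients += escalation_chain(ob.responsible, levels)
    return recipients


def build_alerts(matrix, today, step_days=7):
    """Build one alert per recipient, carrying the fields listed for stage 4000."""
    alerts = []
    for ob in matrix:
        for recipient in recipients_for(ob, today, step_days):
            alerts.append({
                "to": recipient,
                "responsible": ob.responsible,
                "compliance_text": ob.text,
                "assigned_on": ob.assigned_on.isoformat(),
                "expires_on": ob.due_on.isoformat(),
                "days_remaining": (ob.due_on - today).days,
                "progress_pct": ob.progress_pct,
                "financial_impact": ob.fine_amount,
                "escalated": recipient != ob.responsible,
            })
    return alerts


# Constructed sample matrix and evaluation date.
TODAY = date(2024, 3, 20)
MATRIX = [
    Obligation("File quarterly report", "analyst", date(2024, 2, 1),
               date(2024, 3, 10), "high", 50000.0, progress_pct=40),
    Obligation("Renew operating permit", "area_head", date(2024, 2, 15),
               date(2024, 3, 25), "medium", 12000.0),
    Obligation("Publish privacy notice", "analyst", date(2024, 1, 10),
               date(2024, 3, 1), "low", 3000.0, progress_pct=100),
    Obligation("Sign board resolution", "director", date(2024, 3, 1),
               date(2024, 3, 17), "high", 0.0),
]

if __name__ == "__main__":
    for alert in build_alerts(MATRIX, TODAY):
        print(alert)
```

An obligation whose responsible user sits at the top of the hierarchy has nobody to escalate to, so the alert stays with that user; a deployment would need a separate rule for that case.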

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Human Resources & Organizations (AREA)
  • Operations Research (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Data Mining & Analysis (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Telephonic Communication Services (AREA)
  • Selective Calling Equipment (AREA)

Abstract

The present invention relates to a system for the control and monitoring of normative-legal obligations which comprises at least one electronic device that stores and processes information, intended to be operated by a user and connected to a first server and to a second server; a first server that stores and processes information, which is connected to the electronic device and to a second server; and a second server that stores and processes information, which is connected to the electronic device and to the first server; the second server may be located geographically near to or remote from the first server, and the electronic device is assigned to and operated by a user, said user representing an employee or an official of the company, institution or public body where said control and monitoring system is implemented.
PCT/IB2015/000404 2014-03-31 2015-03-26 System and method for the control and monitoring of normative-legal obligations WO2015150895A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MXMX/A/2014/003926 2014-03-31
MX2014003926A MX2014003926A (es) 2014-03-31 2014-03-31 System and procedure for the control and monitoring of normative-legal obligations.

Publications (1)

Publication Number Publication Date
WO2015150895A1 true WO2015150895A1 (fr) 2015-10-08

Family

ID=54239458

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2015/000404 WO2015150895A1 (fr) 2014-03-31 2015-03-26 System and method for the control and monitoring of normative-legal obligations

Country Status (2)

Country Link
MX (1) MX2014003926A (fr)
WO (1) WO2015150895A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111612601B (zh) * 2020-04-17 2023-05-09 北京智信度科技有限公司 基于服务机构的上市公司的财务风险识别方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070061158A1 (en) * 2005-09-09 2007-03-15 Qwest Communications International Inc. Compliance management using complexity factors
US20070143355A1 (en) * 2005-12-13 2007-06-21 Qwest Communications International Inc. Regulatory compliance advisory request system
US20080027746A1 (en) * 2000-08-11 2008-01-31 Marian Exall Systems and methods for employment law compliance, establishment, evaluation and review
US20090327021A1 (en) * 2008-06-27 2009-12-31 Pss Systems, Inc. System and method for managing legal obligations for data

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10685025B2 (en) 2017-08-29 2020-06-16 International Business Machines Corporation Generating a data structure that maps two files
US10997181B2 (en) 2017-08-29 2021-05-04 International Business Machines Corporation Generating a data structure that maps two files

Also Published As

Publication number Publication date
MX2014003926A (es) 2015-09-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15773621

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS (EPO FORM 1205N DATED 06.02.2017)

122 Ep: pct application non-entry in european phase

Ref document number: 15773621

Country of ref document: EP

Kind code of ref document: A1