Users of the trust network conform to the TTP policy. Business users are expected to provide an annual statement of compliance with the obligations of the TTP policy, in particular the TTP Code of Conduct GDPR. The MYOBI compliance team supports the users with tools and organizes a compliance approach.
MYOBI itself also uses the compliance team to perform compliance work. Caroline Willemse fulfills the role of Head of Compliance for MYOBI.
Agenda and activities
The compliance team annually draws up an agenda with activities to be performed for:
Facilitating users of the trust network, see accountability and accountability; and
The MYOBI compliance. We give an impression of this internal work.
MYOBI implements a compliance approach to be able to comply with the TTP policy itself. Under this approach, a risk analysis determines which business activities carry an inherent risk that can affect the confidentiality, reliability and continuity of the business and personal data. It is then determined, on the basis of the baselines, which control measures can sufficiently mitigate the threats for the target maturity level. The level of the risk determines how often during the year the internal control is performed to establish that the measure operates effectively. Based on the information ecosystem, the compliance team determines which rights must be received and which obligations must be met. The execution of the checks and their results are recorded in files.
MYOBI has the ambition to reach maturity level 3 before 2022. This requires meeting the requirements for this level as listed in the overview ‘Handles for meeting the maturity level’. MYOBI must also organize itself in 2022 or early 2023 to be certified for ISO 27001, ISO 27701 and NEN 7510.
Internal control and reporting
The compliance team verifier records which plausibility tests have been carried out and keeps a record of the discussions with and inspections carried out at companies. These files are accessible to the Accountability Board of MYOBI and the Monitoring Body of the Association IE.
In addition, a file is kept in which the audit work performed by the compliance team for MYOBI is recorded. MYOBI’s DPO bases its confirmation on this file.
Feel free to contact MYOBI’s compliance department on +31 (70) 362 18 07 or firstname.lastname@example.org.