Mark E.S. Bernard privacy program health check

Mark's Privacy Program Health Check. If I were facilitating a privacy audit, here's an example of a few things that I would look for. I would need to identify evidence to substantiate the privacy program.

• Security Policy – Has your privacy program been endorsed by management, assuring their support and commitment to the privacy program? Do you have it in writing?

• Security Organization – Does your privacy program have an established management framework to initiate and control the implementation of the privacy program within your organization and to help you manage your ongoing privacy compliance?

• Asset Classification and Control – Does your privacy program include a comprehensive inventory of private information assets? Does the privacy program include a classification schema and governance to assign responsibilities to ensure that effective security protection is maintained?

• Personnel Security – Does your privacy program include well-defined job descriptions for all staff outlining privacy protection roles and responsibilities?

• Physical and Environmental Security – Does your privacy program have a clear definition of personal information and the requirements to protect it, so that employees are empowered to safeguard private information?

• Communications and Operations Management – Does your privacy program include a formal communication strategy designed to facilitate smooth operation of your privacy program?

• Access Control – Does your privacy program include controls over network management to ensure that only those with the appropriate responsibility have access to private information traversing the networks?

• Systems Development and Maintenance – Does your privacy program maintain the capability of assuring that IT projects and support activities are conducted in a secure manner throughout the information life cycle?

• Business Continuity Management – Does your privacy program use a managed process for developing and maintaining business contingency plans that protect critical business processes handling private information from major disasters or failures?

• Compliance – Does your privacy program maintain the capability of demonstrating to clients, employees and authorities your organization's commitment to statutory data protection or privacy legislation?

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Contact: Skype: Mark_E_S_Bernard, CRISC, CGEIT, CISM, CISSP, CISA, ISO 27001 Lead Auditor
Twitter: @MESB_TechSecure
LinkedIn: http://ca.linkedin.com/in/markesbernard