Mark E.S. Bernard privacy program health check

Published in: Business


Mark's Privacy Program Health Check. If I were facilitating a privacy audit, here's an example of a few things that I would look for. I would need to identify evidence to substantiate the privacy program.

• Security Policy – Has your privacy program been endorsed by management, assuring their support and commitment to the privacy program? Do you have it in writing?
• Security Organization – Does your privacy program have an established management framework to initiate and control the implementation of the privacy program within your organization and to help you manage your ongoing privacy compliance?
• Asset Classification and Control – Does your privacy program include a comprehensive inventory of private information assets? Does the privacy program include a classification schema and governance to assign responsibilities to ensure that effective security protection is maintained?
• Personnel Security – Does your privacy program include well-defined job descriptions for all staff outlining privacy protection roles and responsibilities?
• Physical and Environmental Security – Does your privacy program have a clear definition of personal information and the requirements to protect it, so that employees are empowered to safeguard private information?
• Communications and Operations Management – Does your privacy program include a formal communication strategy designed to facilitate smooth operation of your privacy program?
• Access Control – Does your privacy program include controls over network management to ensure that only those with the appropriate responsibility have access to private information traversing the networks?
• Systems Development and Maintenance – Does your privacy program maintain the capability of assuring that IT projects and support activities are conducted in a secure manner throughout the information life cycle?
• Business Continuity Management – Does your privacy program use a managed process for developing and maintaining business contingency plans that protect critical business processes handling private information from major disasters or failures?
• Compliance – Does your privacy program maintain the capability of demonstrating to clients, employees and authorities your organization's commitment to statutory data protection or privacy legislation?

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Contact: Skype; Mark_E_S_Bernard, CRISC, CGEIT, CISM, CISSP, CISA, ISO 27001 Lead Auditor
Twitter; @MESB_TechSecure
LinkedIn; http://ca.linkedin.com/in/markesbernard
