In today’s environment, it is important for organizations to address any risk associated with privacy requirements.
An effective privacy program is built on a set of well-defined and clearly stated business objectives. Key objectives articulate the ideal performance results that the company expects from that process. When determining what process improvements are needed to reach the next level of maturity, evaluators should consider the importance of the process being addressed. As the importance of a process increases, its desired capability increases.
This tool features a number of leading practices for the privacy program process, including:
- Develop a body of policies, procedures and standards that aim to document the organization’s critical business processes in order to establish the processes as repeatable and managed
- Develop and implement an information security awareness program to educate the organization’s employees and contractors on information security policies, procedures and standards
- Develop and implement distribution mechanisms to communicate the program to the appropriate parties
- Develop network security monitoring requirements based on the above network security architecture
- Develop network security policies and standards that govern and drive processes and procedures