Accountability Reporting

Many organizations find it advantageous to report the status of their privacy program to internal stakeholders, such as senior management and operational units, and in some cases to external stakeholders such as regulators/DPAs/AGs/Commissioners or business partners.

Nymity’s Accountability Reporting tool assists the privacy office in reporting the status of their privacy program as an:
- Assertion: The privacy office reports the status based on the knowledge gained implementing and maintaining the program, likely in cooperation with the operational units involved.
- Attestation: The privacy office conducts a privacy assessment and attests to the status of their privacy program.

or it helps them prepare for:
- Validation: The privacy office prepares for an internal audit.
- Verification: The privacy office prepares for an external assessment, audit or Trustmark.
Flexible and Credible
To best assist the privacy office in reporting the status of their privacy program, the reports are structured based on the AICPA/CICA Privacy Maturity Model. The Privacy Maturity Model provides a high degree of flexibility in implementation and credibility in delivery.

Flexibility includes:
- Deployment: It can be deployed by department, data store or division, and presented as an organizational report.
- Application: Being based on a maturity model, it reports the status of the privacy program in a business-friendly, risk-based format.
- Goal Setting: The reporting tool allows for the setting of goals should the organization need reports to include the desired state, when applicable.
- Applicability: The reporting tool takes into consideration criteria that do not apply, for example when reporting the status of service providers.
- Usage: If used as an attestation, comments can be added to each criterion based on the organization’s attestation practices.
- Graphical Reporting: A wide variety of reports can be generated, including organization/department comparisons.
- Industry Comparisons: Compare your privacy program against all organizations or specifically against organizations in your industry.

Credibility is gained because the reporting tool was built using the AICPA/CICA Privacy Maturity Model, which is based on the Generally Accepted Privacy Principles (GAPP).
AICPA/CICA Privacy Maturity Model

| Maturity level | Description |
|---|---|
| Ad hoc | Procedures or processes are generally informal, incomplete, and inconsistently applied. |
| Repeatable | Procedures or processes exist; however, they are not fully documented and do not cover all relevant aspects. |
| Defined | Procedures and processes are fully documented and implemented, and cover all relevant aspects. |
| Managed | Reviews are conducted to assess the effectiveness of the controls in place. |
| Optimized | Regular reviews and feedback are used to ensure continuous improvement towards optimization of the given process. |
Nymity’s Accountability Reporting is a two-step process.

Step One – Create Maturity Models
Depending on your reporting requirements, create maturity models by department, location, process or risk, and decide which of the 73 GAPP criteria apply. Then select the current status and/or the goal for each criterion; the selection options are the five levels of maturity. For each criterion, notes can be added, for example documenting the current controls that meet the status, or documenting the controls to be added to meet the goal.
Step Two – Produce Reports
Nymity’s Accountability Reporting software tool provides several reporting options, all of which include graphical representations. Subscribers can report on one to five maturity models in the same report and/or compare maturity models to organizational and industry averages. Subscribers can produce summary reports, detailed reports, or principle-level reports. All reports can be downloaded and customized.