Top

Privacy

Services:
Consulting:
Specialties

Special Engagements

Compliance

Business Continuity Planning

Data Auditing

Data Quality

Protecting Confidential and Regulated Data

Privacy

Business Intelligence

Target Marketing


Overview

Managing privacy is one of the most complex and difficult tasks facing corporations today. This complexity is driven by the differences among the current and pending laws (International, US Federal, and US State), the increasing awareness of the importance of privacy by the general population, and the inherent inconsistencies in most of Corporate America's manual and automated systems. But this problem must be solved because failure to comply with these laws has significant impact: fines, lawsuits, and lose of customer confidence.

▲Top

Services

Architecture / Planning

Planning

  •      A plan for a comprehensive Privacy Architecture is developed through interviews and assessment of your current environment.

  •       Requirements are documented based on both company and regulatory mandates.

  •      An in-depth gap analysis is performed and a high-level action plan is
         delivered.      

Program Assessment

  •        We test your Privacy Program for signs of life!! Has a once vital and meaningful program become moribund?

  •      We test to see if your program is effective. Anonymous focus groups and surveys are used to get a reading on your employee base.

  •       We will suggest programs and activities that will pump life back into your Privacy Program.

Policy Architecture Strategy

  •     Lead key Privacy stakeholders through focus sessions covering trends, laws, risks and vulnerabilities associated with sensitive data management.

  •     Facilitate work group activities during which key executives define and agree upon a long-term approach for addressing Privacy through Corporate Policies and Programs.

  •       Provide a technical team to work with your lead Privacy managers to produce Action Plans for Policy implementation.

▲Top

Policy

Assessment

  •        Evaluate existing policies against current and anticipated legislative mandates.

  •       Perform an analysis of your competition.

  •       Produce a comprehensive gap analysis along with recommendations for updating your policies.

Development

  •       A comprehensive approach to Privacy that integrates with Corporate Business Policies and IT Control Policies.

  •      Builds on existing policies or a "clean slate".

  •      Create Work group of staff stakeholder buy-in a priority.

  •      Deliver Policies plus (optionally) Procedures, Tool Requirements, Deployment Plans and Job Descriptions.

Compliance (Effectiveness)

  •        Develop an education  program of seminars and materials that equips your staff to implement and comply with Privacy Policies. Includes a self-assessment tool for line managers.

  •       Results in increased awareness of every employee's responsibility and manager's accountability for the control of sensitive data.

▲Top

Compliance

Risk Assessment

Risk assessments are structured using your selected or ours. Either self-assessment or audit-based methods can be used. All the following areas are addressed.

Network LAN access, physical security, and application security. Areas of emphasis are:
  Inbound -   remote access risks, firewalls, VPN's, dial-in's
  Internal -    desktop security, insider breaches
  Outbound - data distribution, e-mail, chat rooms, rogue web sites
Privacy Data We answer the questions: What is Privacy Data?; Where is it?; and Who can access it?
Applications What is user access control? Who and How is user access control maintained?
People Control personnel qualifications, adequacy of staffing, and training.

Outside Service Monitoring

Perform an evaluation of the risks associated with an outsourcer. Find out:

  •      How well do they comply with your policies?

  •      How well do they measure up to generally accepted procedures?

  •      Do they have a SAS70 with no material findings?

  •     Learn if your contract contains language that protects you from the consequences of outsourcer data disclosures or thefts?

This service delivers a gap analysis report with recommendations for remediation.

Remediation Planning

We work with your Line and IT Managers to develop action plans for implementing measures, procedures and tools that close any gaps discovered by an assessment.

We can also work with your line managers to implement compensating controls on an interim basis, until the technical solution is ready.

Tools Effectiveness Analysis

  • Are your tools up to the job?

  • Can you find a more cost effective solution?

  • How much training will it take?

▲Top

How do we do this

Advantageware uses a structured work approach and solid project management practices which facilitate communication throughout the entire project effort. We also use various proprietary methodologies, techniques, and tools (PrivacyRiskRater™) as we carefully work with our clients to evaluate your exposure. 

Based upon the nature and scope of the problems we uncover and your PrivacyRiskRater™ Score, we present our findings and a proposed Resolution Strategy and associated tactical level work plans. These are reviewed with the client for concurrence and approval. Advantageware can then work with the client to develop and implement the privacy solution that works. Care is taken to assist clients to identify what processes may have to be reengineered and what existing information systems and infrastructure technologies may have to integrated, upgraded or replaced. Advantageware then assists the client do whatever it takes to get the training programs, operational processes and technologies prepared for the Privacy Solution.

Advantageware gives its clients two ways to implement their privacy solution. 

  • Advantageware can partner with the client and work with them on an "as-assigned" basis. The client would manage the project and Advantageware would supply resources on an as-assigned basis.

  • Advantageware can also deliver the solution on a complete project basis. In this case, Advantageware would develop and implement the proposed solution. Advantageware would also assist the client's staff to integrate the solution into their environment and train the client's staff as required.

▲Top

Home | Compliance | Services | CompanyWhat's New

Last updated 07/22/2008
Suggestions or comments?
Terms of Use | Copyright © 2008 Advantageware, Inc.
All products and brand names are trademarks of their respective holders.