
A global financial management software service wanted support in assessing its current privacy program against a recognized privacy framework, to enable the support or continued maturity of the program and its associated controls.
The client asked Myna to undertake an assessment of their program, identify gaps and risks, and identify the level of maturity each control had when aligned against a recognized Privacy Maturity Model. Because the client is a multinational organization, the assessment had to align to multiple jurisdictions and support their current Privacy Operating Model.
Our Approach
Myna worked with the client to understand their business, in-scope regulations, risk appetite and use of Personal Data. Through a series of workshops and documentation reviews, we assessed the privacy program against the NIST Privacy Framework and additionally reviewed the current maturity level of their existing controls.
This included:
- Identification of applicable privacy regulations and requirements for compliance;
- Development of a Control Framework to assess their program against;
- Undertaking an assessment of the current privacy program;
- Evaluating the maturity of the current program using the Capability Maturity Model Integration Framework (CMMI); and
- Identifying gaps, opportunities to enhance the maturity of the program and providing documentation to support decisions to determine the maturity level that best meets the client’s needs.
Program Outcomes
- A Privacy Program Assessment Framework was created, validated and accepted by the client.
- An executive summary of our findings and recommendations was provided.
- A detailed final report providing identified gaps (risk rated), quick wins, and estimated effort levels to address each gap.
- A Maturity Assessment for each Category of the Assessment Framework, with supporting documentation for decisions to determine the best level to meet the client’s needs.
- A Strategic Roadmap to support the implementation efforts and resources needed to address the findings and recommendations.