Justifying Additional Privacy Program Funding

Privacy Program

A global financial management software service was looking for support to assess their current privacy program against a recognized privacy framework, to enable the support or continued maturity of the Program and the associated Controls.​

The client asked Myna to undertake an assessment of their program, identify gaps and risks, and identify the level of maturity each control had when aligned against a recognized Privacy Maturity Model. As a multinational organization the assessment had to align to multiple jurisdictions and support their current Privacy Operating Model. ​

our approach

Myna worked with the client to understand their business, in-scope regulations, risk appetite and use of Personal Data. Through a series of workshops and reviewing documentation we assessed the privacy program against the NIST Privacy Framework and additionally reviewed current maturity level of their existing controls.

This included:​

  • Identification of applicable privacy regulations and requirements for compliance;​
  • Development of a Control Framework to assess their program against;​
  • Undertaking an assessment of the current privacy program;​
  • Evaluating the maturity of the current program using the Capability Maturity Model Integration Framework (CMMI); and​
  • Identifying gaps, opportunities to enhance the maturity of the program and providing documentation to support decisions to determine the maturity level that best meets the client’s needs.​

Program Outcomes

  • A Privacy Program Assessment Framework was created, validated and accepted by the client.​
  • An executive Summary was provided of our findings and recommendations.​
  • A detailed final report providing identified gaps (risk rated), quick wins, and estimated effort levels to address each gap.​
  • A Maturity Assessment for each Category of the assessment Framework, with supporting documentation for decisions to determine the best level to meet the client’s needs.​
  • Strategic Roadmap to support the implementation efforts and resources needed to address the findings and recommendations.​