NIST Privacy Program Assessment for Global Financial Software

A global financial management software service was looking for support to assess their current privacy program against a recognized privacy framework.

To understand the state of their privacy program and identify gaps in compliance across the organization, the client asked Myna to assess the program, identify gaps and risks, and evaluate the maturity of each control against a recognized privacy maturity model.

Our Approach

Myna worked with the client to understand their business, in-scope regulations, risk appetite, and use of personal data. Through a series of workshops and documentation reviews, we assessed the privacy program against the NIST Privacy Framework, while also reviewing the current maturity level of their existing controls.

This included:

  • Identifying applicable privacy regulations and compliance requirements
  • Developing a control framework to assess their program against
  • Undertaking an assessment of the current privacy program
  • Evaluating the maturity of the current program using the Capability Maturity Model Integration (CMMI) scale
  • Identifying gaps and opportunities to raise the maturity of the program, with supporting documentation so the client could decide which target maturity level best meets their needs

Program Outcomes

  • Privacy Program Assessment Framework was created, validated, and accepted by the client
  • Executive Summary was provided, outlining our findings and recommendations
  • Detailed final report was delivered, identifying gaps (with risk ratings), quick wins, and estimated effort levels to address each gap
  • Maturity Assessment for each category, with supporting documentation to help determine the best maturity level to meet the client’s needs
  • Strategic roadmap was provided to help with the implementation efforts that address the findings