NIST Privacy Program Assessment for Global Financial Software

A global financial management software service was looking for support to assess their current privacy program against a recognized privacy framework.

To understand their privacy program and identify any gaps in compliance levels across the organization the client asked Myna to undertake an assessment of their program, identify gaps and risks, and identify the level of maturity each control had when aligned against a recognized Privacy Maturity Model.

Our Approach

Myna worked with the client to understand their business, in-scope regulations, risk appetite and use of Personal Data. Through a series of workshops and a review of documentation, we assessed the privacy program against the NIST Privacy Framework and additionally reviewed the current maturity level of their existing controls. This included:

  • Identification of applicable privacy regulations and requirements for compliance
  • Development of a Control Framework against which to assess their program
  • Undertaking an assessment of the current privacy program
  • Evaluating the maturity of the current program using the Capability Maturity Model (CMM)
  • Identifying gaps and opportunities to enhance the maturity of the program, and providing documentation to support decisions on the maturity level that best meets the client’s needs

Program Outcomes

  • A Privacy Program Assessment Framework was created, validated and accepted by the client
  • An Executive Summary of our findings and recommendations was provided
  • A detailed final report was delivered, providing identified gaps (risk rated), quick wins, and estimated effort levels to address each gap
  • A Maturity Assessment was completed for each Category, with supporting documentation for decisions on the level that best meets the client’s needs
  • A Strategic Roadmap was provided to support the implementation efforts to address the findings