It pays to be prepared.

Align Your Program With the NIST Privacy Framework

In February 2014, the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Framework, providing a detailed, voluntary structure against which an organization’s cybersecurity program can be measured.

Following its success and wide adoption, the NIST Privacy Framework was released in January 2020. Similar to its cybersecurity counterpart, the Privacy Framework helps organizations reliably assess the robustness of their privacy program.

Your NIST Privacy Framework Consultants

Few other consultants have the requisite knowledge and skill to properly apply the framework. Enterprivacy Consulting Group’s R. Jason Cronk has been intimately involved in the framework’s development: 

  • Instrumental in the initial drafting, participating in stakeholder workshops and providing copious comments on early drafts.
  • Worked with one of the early adopters to align their program to the framework even before final release.
  • Contributed the GDPR to NIST Privacy Framework crosswalk.
  • Active and frequent participant in the Privacy Workforce Working Group to define TKS (Task, Knowledge and Skill) statements for each outcome in the framework.

The Core of the Privacy Framework can best be analogized to a muffin pan. Just as a muffin pan determines the basic shape of whatever is poured into it, the Core provides the basic structure necessary to develop a thorough and effective privacy program. What you choose to pour into the muffin pan — whether you make cupcakes or cornbread, the particular recipe you follow, or how big of a batch you prepare — is up to you. In much the same way, how completely and how closely you adhere to the Core’s structure, and in what ways, is entirely up to you and your organization’s specific needs and objectives. No matter what you choose, we’re here to assist you.

Using the industry-standard NIST Privacy Framework, we can help you!

Bring a Modern Privacy Program to Life

Whether your organization is just starting the process of building a privacy program or you’re looking to energize and modernize your existing program, we can guide you.

Privacy values are the driver of any successful privacy program, and no one size fits all. Relying on established privacy norms, we will help you identify the values that reflect your organization’s missions and objectives — the result of this process will drive your Target Profile, your goal for the coming years. Next, we’ll work up your Current Profile, which reflects an assessment of your organization’s privacy program as it stands right now.

After we’ve drawn up both Profiles, we’ll take your Target Profile and walk it through the Privacy Framework Core, identifying what specific actions need to be taken to resolve the gap between your Current and Target Profiles. Then we’ll make a plan to bridge that gap.

Determine Your Current Privacy Program's Maturity Level

Your organization’s privacy program may appear to have all the components it needs, but how well is it actually performing? The answer comes down to its maturity level – essentially, the degree to which its privacy practices are clearly articulated and managed.

When measuring a privacy program’s maturity, two models are particularly well-regarded: one from AICPA/CICA’s Generally Accepted Privacy Principles (GAPP) and the other from the MITRE Corporation, both of which include five levels of maturity and are based on the 1986 Capability Maturity Model (CMM). Rather than measuring privacy maturity, the CMM measures maturity in the software development context. The CMM’s success and wide acceptance inspired the GAPP and MITRE maturity models, which apply the same basic model to privacy program maturity.

Relying primarily on MITRE, we can assess your organization’s privacy maturity against the NIST Privacy Framework to give you a clearer idea as to not only how well your organization is doing but also how to fix what isn’t optimal.

Schedule a Consultation

Privacy should always be a guarantee… together we can make it so! Your contact information will only be used to discuss potential services with you.

Learn Everything You Need With Our Curated Training

We delve into key concepts, frameworks, and practical applications to enhance participants’ understanding of privacy risk management. Our expert-led courses ensure a deep dive into the intricacies of the NIST Privacy Framework, empowering professionals to implement effective privacy practices within their organizations. Elevate your privacy expertise with our multi-step NIST Privacy Framework training program and stay ahead in the ever-evolving landscape of privacy and data protection.