NIST Privacy Framework

Assessments and GAP Analysis

Third-party assessments help an organization gauge how it is doing and what it could be doing better. Many companies, leveraging the reputation of NIST, want an assessment against the Privacy Framework. But the framework is not a conformance standard, as many people mistakenly believe.

Types of Assessments

NIST Privacy Framework Implementation

… has attempted to implement the framework as a basis for privacy, but you are not sure how well you followed it.

How consistent is my implementation with the methodology of the Privacy Framework?

High-level review and analysis of your framework implementation, which components you have implemented, and recommendations for a better implementation.

Privacy Program Alignment

… has a privacy program but you want to align it to the NIST Privacy Framework.

What does privacy at my company look like (organized using the framework Core)? 

Current Profile – A detailed list of your program's current activities and substantive components, framed in the Functions, Categories and Subcategories of the Core.

Privacy Improvement

… has a privacy program but you need to know what you should be doing.

Where do we want to be?

Target Profile – Based on your privacy values, business objectives and compliance obligations, we help you identify activities and substantive components that you should be doing. 

GAP Analysis and Roadmap

… knows where you're going but you need help on how to get there.

How do we get there? 

Delta between Current and Target Profiles (note that you must have a Current and a Target Profile first).
Prioritized roadmap to get from your current state to your future state, usually over 1, 3 or 5 years.

Maturity Assessment

… has a privacy program but you want it to be more consistent and resilient.

How can we make privacy more resilient to staffing changes? 

A review of your current program maturity and suggested improvements to match or best your industry peers.

Need Help Finding the Right One For You?

All of our assessments are offered at three levels of detail, so you can determine the best size and fit for your organization and budget:

  1. In our first tier, the Functional Level, we look at the five high-level Functions (Identify, Govern, Control, Communicate and Protect) and organize our assessment around them. This is ideally suited to small to medium-sized organizations, though larger ones may find it advantageous as a simple starting point.
  2. For medium to large companies with a limited budget, we conduct an assessment based on the 18 Categories in the framework Core. This is our Categorical Level.
  3. Finally, enterprises and multinational corporations may want to take advantage of our Outcome Level assessments, which go deeper into the 100+* outcomes in the Privacy Framework Core, giving you the most comprehensive and detailed analysis possible.

Schedule a call today to discuss which assessment is best for you! 

*While there are 100 Subcategories in the framework Core, many Subcategories include multiple outcomes that an organization can aspire to achieve.

Schedule a Consultation

Privacy should always be a guarantee… together we can make it so! Your contact information will only be used to discuss potential services with you.