NIST Privacy Framework

Implementation

Implementation of the NIST Privacy Framework can be challenging. If you’re just beginning your journey, we recommend you first head over to our training website. We offer the most comprehensive training in the world on the NIST Privacy Framework. From introductory online courses to intensives and practicums, we can even customize training to your team if you need it. If you’re just looking for a helping hand and subject matter expert, then consider our Strategic Consulting. There we can offer you hourly consulting engagements with suggestions and recommendations. However, if you want to go to the next level and get full-blown implementation assistance, look no further!

5 Steps to Success

1. Begin with the End in Mind

The NIST Privacy Framework is a tool for managing risk. In order to manage risk, you must first understand risk. This first step entails understanding the business, its operations, the clients, customers, vendors, partners and others it interacts with and, most importantly, what it values and, in some cases, doesn’t value. Consistent with the Implementation Tiers in the framework, this can be done at different levels of detail and care, whether it’s more intuitive (“Partial”) or deliberative and systematic (“Optimized”).

2. Develop Your Target Profile

With your mission, business objectives and company values in mind, the next step is to decide what you need to do (from a privacy perspective) to achieve those objectives and live those values. This will directly impact what you need to do for your privacy program. Operating at the Function, Category or Outcome level, we help you identify the procedural steps and substantive components of your desired Target Profile.

3. Find Your Current State

Assuming you’re not starting from a blank slate, you may have some processes in place already. What are they? How do they fit in the privacy framework? Aligning your current work to the framework Functions, Categories or outcomes will help you get quick wins for the things you’re already doing successfully.

4. Bridge the Gap

You’re never where you want to be. The purpose of a gap analysis is to find the delta between your current state and where you need to be to address privacy risks. For each of the Functions, Categories or outcomes, you need to know how big the gap is before you can hope to get from point A to point B.

5. Roadmap to Success

Bridging the gap is the penultimate step to success. The ultimate step is to cross that bridge. Developing a roadmap, a prioritized, step-by-step instruction guide, will help you take one step at a time until you cross the finish line. Note that implementation of the roadmap requires another step, one we don’t normally handle but will discuss on a case-by-case basis. In other words, we’ll tell you what policies, procedures, processes and system changes you need, how you should prioritize them, and what resources and timeframe you need, but your organization is tasked with budgeting resources and actually implementing the roadmap.

Offerings

Facilitated Implementation

In our lowest tier of implementation assistance, we give you templates and homework assignments and set up progress reports to ensure you’re moving along to implement the NIST Privacy Framework. The bulk of the work is on you and your staff, but we provide all the tools and knowledge to ensure your success.

White Glove Treatment

If you’re short-staffed, we can help too. Let us do the heavy lifting. From research, to interviewing staff, to writing and project management, we handle everything you need to give you a blueprint for success.

Standard Offer or Custom Engagement

We’ve done enough of these to know the ropes and can help you guide your company toward improving privacy at your organization. If you think your company needs a more customized engagement, we offer scoping engagements and can craft a customized proposal for you.

Schedule a Consultation

Privacy should always be a guarantee… together we can make it so! Your contact information will only be used to discuss potential services with you.