Assessments

Whatever the reason for needing an assessment, Navigate works closely with clients to provide an assessment that specifically meets their needs. Through on-site and remote interviews, document reviews, observation and testing we get to know each client, their industry, company, and culture so assessment results and recommendations are specific, actionable and value added.

We regularly perform assessments against the following frameworks:

  • Generally Accepted Privacy Principles (GAPP)
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • EU-U.S. Privacy Shield
  • Asia Pacific Economic Cooperation Cross Border Privacy Rules (APEC CBPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • ISO 27001/27002 Security Framework
  • NIST Guidance

It is not uncommon for some clients to need assistance documenting data flows as part of the assessment process. We have extensive experience in creating data flows/maps for clients that need a more thorough understanding of their information lifecycles.

Improvements

One size does not fit all when it comes to implementing solutions for a client—at Navigate we understand that what works for one company may not work for another. A company’s size, industry, resources, relative maturity and culture all factor in to what we recommend and develop for a client.

We regularly work with our clients to design, create, and implement improvements in areas such as:

  • Policy and Procedure Development
  • Training and Awareness
  • Risk Management
  • Information and Privacy Governance
  • Privacy by Design
  • Vendor Management
  • Ongoing Monitoring

Improvement Planning and Management

An assessment generally results in findings and recommendations that essentially defines “what” needs to be accomplished to achieve compliance or meet improvement goals. The next step is to define “how” the recommendations can be implemented. Creating a program and project plan requires thoughtful consideration of the various alternatives for implementing a recommendation that will close a compliance gap or improve the current state in the most efficient and cost-effective manner and with minimal disruption to the business.

Individual projects must also work in unison with the current business environment. We focus not just on individual projects but ensure a program plan is constructed as well to deliver results that provide the overall desired end state for the organization. We have extensive experience creating actionable project plans for clients. For some clients, we also serve as the overall program manager for execution of the project plans to help ensure tasks and projects are completed on-time and on-budget, status is periodically reported to ensure accountability, and any execution issues are promptly identified and addressed.

Operational Support

Some clients need assistance in performing certain operational tasks such as completing or reviewing privacy impact assessments (PIAs), data protection impact assessments (DPIAs), reviewing security/privacy questionnaires submitted by vendors, and being a subject matter expert resource for business representatives.  We can provide privacy operations support services and can also coach internal resources to help build internal capabilities.

Privacy Program Roadmap

Organizations that develop the most effective privacy programs have a multi-year roadmap that describes the initiatives (e.g., role-based training) to be completed in a specific year, including the resources who will part of the effort and the resources required. A roadmap not only helps ensure focus and clear purpose, it is a valuable tool for resource planning and budgeting. We can assist in preparing a roadmap for any time period desired.

Board Presentations

Presentations to the Board of Directors, Audit Committee and Executives are high stakes events that require thoughtful preparation. We can assist in preparing presentation materials and speaking points, help you anticipate and prepare for the likely and “loaded” questions, to ensure that you are prepared to deliver an impressive presentation.

Legislative Monitoring

While Navigate is not a law firm and does not perform legal analysis or provide legal advice, we monitor global privacy and cybersecurity legislative developments and offer a monthly legislative brief. The brief provides a single source to stay apprised of global information protection and privacy legislative developments.

Incident Response Planning

Every state in the U.S., the EU, Canada and other international markets, have laws dictating what you must do if certain personal information, including the information you’ve entrusted to outsourced vendors, is subject to unauthorized access or use. These laws are similar but not the same and have far reaching consequences, creating a complex—and often confusing – legal patchwork. Navigate works with clients to develop an incident response plan designed to ensure your organization is prepared to meet its legal obligations, while minimizing damage to brand reputation.

Elements typically addressed in an incident response plan include:

  • An identified incident response team;
  • Investigative plan to determine the root cause and extent of data loss and ensure the loss is stopped;
  • Templates for notification letters that may be required for affected individuals as well as appropriate legal authorities;
  • Q&A documents for call center staff so that questions from affected individuals are answered with a “single voice”;
  • Media response plan, including press releases, spokesperson preparation;
  • Q&A training; and
  • Identification and engagement of third-party service providers (such as forensic resources, printers, mail houses, outside legal counsel and credit monitoring service companies) to help your organization deliver on the steps in your response plan quickly.

Navigate works with clients to create or review their incident response plan, and facilitate practice walkthroughs of the plan (table-top tests).

Incident Response Execution & Management

When a data breach occurs, a fast, well-executed response is critical to minimize the damage. If a client does not have an incident response plan, has never been through a “live” data breach response, or just needs response assistance, Navigate can bring the required experience to efficiently and effectively manage your response in a manner that is defensible to regulators, and provides you with an opportunity to limit expenses incurred as well as reputational damage.

Contact

We would be delighted to discuss your needs and how we can be of assistance. You can contact us at info@navigatellc.net or
888-284-7309.

Copyright © 2009-2019 Navigate LLC