It is not uncommon for some clients to need assistance documenting data flows as part of the assessment process. We have extensive experience in creating data flows/maps for clients that need a more thorough understanding of their information lifecycles.
One size does not fit all when it comes to implementing solutions for a client—at Navigate we understand that what works for one company may not work for another. A company’s size, industry, resources, relative maturity and culture all factor in to what we recommend and develop for a client.
An assessment generally results in findings and recommendations that essentially defines “what” needs to be accomplished to achieve compliance or meet improvement goals. The next step is to define “how” the recommendations can be implemented. Creating a program and project plan requires thoughtful consideration of the various alternatives for implementing a recommendation that will close a compliance gap or improve the current state in the most efficient and cost-effective manner and with minimal disruption to the business.
Individual projects must also work in unison with the current business environment. We focus not just on individual projects but ensure a program plan is constructed as well to deliver results that provide the overall desired end state for the organization. We have extensive experience creating actionable project plans for clients. For some clients, we also serve as the overall program manager for execution of the project plans to help ensure tasks and projects are completed on-time and on-budget, status is periodically reported to ensure accountability, and any execution issues are promptly identified and addressed.
Some clients need assistance in performing certain operational tasks such as completing or reviewing privacy impact assessments (PIAs), data protection impact assessments (DPIAs), reviewing security/privacy questionnaires submitted by vendors, and being a subject matter expert resource for business representatives. We can provide privacy operations support services and can also coach internal resources to help build internal capabilities.
Organizations that develop the most effective privacy programs have a multi-year roadmap that describes the initiatives (e.g., role-based training) to be completed in a specific year, including the resources who will part of the effort and the resources required. A roadmap not only helps ensure focus and clear purpose, it is a valuable tool for resource planning and budgeting. We can assist in preparing a roadmap for any time period desired.
Presentations to the Board of Directors, Audit Committee and Executives are high stakes events that require thoughtful preparation. We can assist in preparing presentation materials and speaking points, help you anticipate and prepare for the likely and “loaded” questions, to ensure that you are prepared to deliver an impressive presentation.
While Navigate is not a law firm and does not perform legal analysis or provide legal advice, we monitor global privacy and cybersecurity legislative developments and offer a monthly legislative brief. The brief provides a single source to stay apprised of global information protection and privacy legislative developments.
Every state in the U.S., the EU, Canada and other international markets, have laws dictating what you must do if certain personal information, including the information you’ve entrusted to outsourced vendors, is subject to unauthorized access or use. These laws are similar but not the same and have far reaching consequences, creating a complex—and often confusing – legal patchwork. Navigate works with clients to develop an incident response plan designed to ensure your organization is prepared to meet its legal obligations, while minimizing damage to brand reputation.
Navigate works with clients to create or review their incident response plan, and facilitate practice walkthroughs of the plan (table-top tests).
When a data breach occurs, a fast, well-executed response is critical to minimize the damage. If a client does not have an incident response plan, has never been through a “live” data breach response, or just needs response assistance, Navigate can bring the required experience to efficiently and effectively manage your response in a manner that is defensible to regulators, and provides you with an opportunity to limit expenses incurred as well as reputational damage.