Data Privacy Program Development
ScottMadden developed a program to protect mission-critical data and comply with federal and international regulations.
Regulatory Compliance
- Evaluated client’s practices against international and national control standards, including ISC, NIST, and GDPR
Detailed Security Guidance
- Created improved documentation for security programs and requirements
Talent Upskilling
- Used audience-specific training to inform employees of new policies, programs, tools, and responsibilities
Challenge
A specialized firm serving regulated utilities operates in locations subject to stringent privacy legislation (United States and Europe). The company was forced to revamp its data privacy program in its information security program to account for privacy requirements within its regulatory scope. Previous privacy program documentation only contained high-level guidance and needed a refresh.
Process
- Interviewed key stakeholders to understand what personally identifiable information was in scope
- Evaluated client’s current privacy practices against best practices and international and national control standards (e.g., ISO, NIST, GDPR)
- Conducted workshops with key stakeholders to validate privacy controls that the organization needs to implement to meet regulatory requirements
- Updated the data privacy program and cyber incident response plan to reflect necessary privacy controls
- Backlogged aspirational privacy requirements to be incorporated into future iterations of the program
- Developed audience-specific awareness training to inform employees of new policies, programs, and responsibilities
- Developed executive communications to inform leadership of changes to the program
Result
- An updated enterprise privacy standard and cyber incident response plan aligned with the organization’s objectives
- Data Privacy program development and implementation plan that reflects the impacts of the program implementation
Related Insights
Achieving Security Program Alignment with the NIST Cybersecurity Framework
Case Study
ScottMadden partnered with a large energy provider to align its security program with the NIST Cybersecurity Framework (CSF).
Cybersecurity Operational Technology Program Development
Case Study
A large electric and gas utility’s enterprise IT cybersecurity group initiated the IT-OT program to address the increasing threat of cyber attacks against OT found in the operating environment.
NERC Audit Support
Case Study
An electric utility was preparing for a NERC CIP and O&P audit to take place within the next six months. The utility started to prepare for the audit…
Let’s Work Together
We don’t solve problems with canned methodologies. We help you solve the right problem in the right way. Our experience ensures that the solution works for you.