Personal Information Assessment and Safeguards
Ingenuity Personal Information Safeguard Assessment and Guidance Services
Is your company keeping information secure?
Are you taking steps to protect personal and other sensitive information in your organization? While it is just good business to protect sensitive information, you have a fiduciary and ethical responsibility and, depending on your industry and location, a regulatory responsibility as well, such as Sarbanes-Oxley, Gramm-Leach-Bliley, HIPPA, or any number of state specific Identify Theft Protection Acts.
Identity Theft is a crime in which an intruder or imposter obtains key pieces of personal information such as Social Security numbers, credit card number, name or driver's license numbers and uses them for their own personal gain. It can start with lost or stolen hardcopy or softcopy documents, lost or stolen laptops or backup media, a data breach on a server, computer virus, phishing, a scam, or paper documents inappropriately disposed of. This crime varies widely, and can include check fraud, credit card fraud, financial identity theft, criminal identity theft, governmental identity theft, and identity fraud. |
|
Sensitive information is important in the normal day to day processing of most businesses, such as payroll, online ecommerce, human resource, product development and any number of business functions that are critical to your public, private or government business. Regardless of your industry and how you use this information, your organization has a responsibility to develop an organization-wide security program that is vigilant in protecting sensitive information.
Ingenuity advises customers in developing a sound data security program plan. One that is built on seven key principles: Know, Keep, Protect, Dispose, Respond, Plan and Educate
- Know what personal information you have in your files and on your computers.
- Keep only what you need for your business.
- Protect the information in your care.
- Properly dispose of what you no longer need.
- Create a plan to respond to security incidents.
- Plan by developing a security program, security responsibilities and related policies, procedures and guidelines.
- Educate the work force by conducting comprehensive and routine security awareness training.
Ingenuity has significant experience helping organizations determine their level of compliance with regulations governing the protection of personal information—and providing expert advice on how to improve safeguards and develop a robust security program to provide a framework for protecting an organization's information assets.
Our Personal Information Safeguard Assessment and Guidance Service can be tailored to your needs:
- Assess the use, sources, storage and transmission of Personal Information in the organization—build a personal information catalog
- Assess how Personal Information is currently protected (safeguards)
- Conduct a gap analysis, evaluating current safeguards against proper and best practice administrative, physical and technical safeguards
- Perform a risk analysis that identifies the threats, vulnerabilities, probabilities and business impact
- Develop policies and procedures for guiding a security program focused on protecting sensitive information
- Develop specific recommendations for protecting Personal Information to fill the identified gaps and address risks
- Develop an Identity Theft and personal information protection awareness training program
Please contact us today to discuss your organization's needs, evaluate our capabilities, obtain project case studies, get customer references or schedule an initial review.