CIOReview
DECEMBER 2019
Convergent Risks
A Holistic Approach to Privacy and Data Protection Compliance
Compliance will continue to be a process that evolves over time and requires an ongoing commitment
lawyers, cloud and application security consultants, qualified auditors and seasoned risk and cybersecurity professionals, Convergent is trusted by some of the world's largest organisations to handle their most sensitive content and data protection issues and cover all aspects of PII, Privacy and GDPR best practice compliance. The team draws on its extensive experience in developing and managing secure information asset workflows from both an enterprise and a third-party perspective to empower clients with privacy and cybersecurity best-practice solutions. The company helps clients operationalise their day-to-day data protection activities, securely migrate data from on-prem to the cloud, prepare for and respond to the emerging reality of personal data breaches, and efficiently manage their vendor supply chain, saving time and budget.
Convergent offers the proper mix of guidance, support, and oversight to ensure privacy compliance when processing is conducted outside of the organisation through the implementation of its Privacy Control Framework. Iyayi explains, "The controls provide a structure for managing and processing personal data as well as securing the physical and logical environments where such assets are stored, accessed or processed. This helps to build a greater internal understanding of the information being shared and the risk exposure, enabling organisations to prioritise further compliance efforts."
"In some cases, we have implemented an ongoing programme of compliance for personal data and combined it with existing information security compliance as a number of controls tend to be common," Johnson adds.
An assessment against Convergent's Privacy Control Framework includes analysis of a detailed vendor questionnaire mapped to the framework and review of contracts, policies, and other relevant documentation. Where relevant, Convergent also carries out a site visit to validate the responses provided and conducts interviews with third-party personnel. The end product is a user-friendly report documenting the findings and any correction plans. Johnson explains, "The amount of time and resources required for a vendor audit depends in large part on the risks that a third-party may pose within the organisation. Entrusting this process to a specialist such as Convergent can provide both peace of mind as well as cost and operational efficiencies."
He goes on to emphasise that, while privacy incidents continue to make headline news and result in substantial fines and reputational damage, organisations must adopt appropriate preventative physical and logical security measures, besides compliant policies. Companies should regularly test policies, processes, and systems against real-life threat scenarios. "By complying with a robust privacy control framework, our clients can clearly demonstrate that it takes data privacy seriously and is managing it within industry best practice. Carrying out such an exercise provides a practical and relatively inexpensive way to identify and manage risks to personal data, whilst supporting regulatory compliance with data protection legislation, enhancing customer loyalty and protecting your reputation," informs Johnson.
Given the robust features and methodologies, Convergent's Privacy Control Framework is already creating ripples in the market.
Iyayi illustrates, "Backed by Convergent, organisations of any size or structure can utilise the GDPR controller, GDPR processor or CCPA control frameworks as applicable, to demonstrate it meets the requirements of the relevant legislation to stakeholders and customers alike." Apart from its uniquely experienced global multidisciplinary team, the uniqueness of Convergent also stems from its ability to support clients in related areas such as penetration testing, preparatory security assessments, remediation, secure workflow strategy, and training. "We also make use of appropriate technology as far as possible to streamline our administrative processes, which enables us to pass on cost savings to our clients," adds Johnson.
Convergent is further enhancing its service with the introduction of its web-based application in the coming months, a compliance tool that enables clients to manage large-scale assessments against relevant privacy and security control frameworks. The app allows users to access helpful guidance and implementation materials and download templates and policies from the platform. To evaluate the security systems, the app will also enable penetration testing and vulnerability scanning, thereby offering a holistic tool toward privacy and cybersecurity compliance.
Stephanie Iyayi