Privacy Impact Assessment
Information Technology (IT) is now an integral part of service delivery in all aspects of today's networked e-business and e-government economy. The Information Management and IT functions have come under increased scrutiny by senior managers and external auditors. Almost all aspects of delivering services in a networked environment are made more complex by a plethora of interdependent legal and regulatory requirements related to security and privacy. Our clients need to identify and articulate the policies that underpin business processes supported by the IT architecture.
The International Security Trust Privacy Alliance (ISTPA) produced a Privacy Framework that bridges the gap between legal, regulatory and privacy principles and the IT architects who need to design and build the supporting IT infrastructure. The ISTPA Framework defines seven security services and three capabilities intended to support the implementation of fair information practices that are generally accepted within the international privacy community and defined in international legislation and regulations.
Intertek EWA-Canada has recognized the need for a common approach that ensures privacy and security issues are identified and considered at every stage in the life cycle of systems and data. Intertek EWA-Canada is involved with both the International Systems Security Engineering Association (ISSEA) and the International Security Trust & Privacy Alliance (ISTPA) and, through these organizations, has agreed to collaborate in the development of an initial series of high-level foundation documents. These foundation documents form the basis for our approach not just to PIAs but to security reviews in general.
Our approach provides a security engineering perspective of the "privacy services and capabilities" and demonstrates:
- how the systems security engineering base practices defined by the SSE-CMM can be used to develop, deliver and operate a system to comply with all relevant policies; and
- how the resulting system architecture can be assessed to provide assurance that both security and privacy requirements have been met.