Engagement with privacy and security within organizations has not kept pace with the increasing demands from regulations. As a result, organizations often find themselves saying they support privacy and security engagement but struggling to create behavioral changes in their staff.
However, with new privacy and security requirements proliferating globally, we can’t help but wonder how much longer we can carry on with this approach.
To truly take hold, privacy and security engagement must be supported by senior leadership, aligned with business objectives, and embedded within each of the organization’s operating groups and teams.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use the charter template to document the primary outcomes and objectives for the privacy and security engagement program within the organization and map the organizational structure to each of the respective roles to help develop a culture of privacy and security.
This tool maps business objectives and key strategic goals to privacy and security objectives and attributes identified as a part of the overall engagement program. Leverage the alignment tool to ensure your organizational groups are mapped to their corresponding enablers and supporting metrics.
This document maps out the organization’s continued efforts in ensuring employees are engaged with privacy and security principles, promoting a strong culture of privacy and security. Use the playbook to document and present the organization’s custom plan for privacy and security culture.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the current privacy and security landscape in the organization.
Targeted set of drivers from both a privacy and security perspective
1.1 Discuss key drivers for a privacy and security engagement program.
1.2 Identify privacy requirements and objectives.
1.3 Identify security requirements and objectives.
1.4 Review the business context.
Understanding of the role and requirements of privacy and security in the organization
Privacy drivers and objectives
Security drivers and objectives
Privacy and security engagement program objectives
Ensure that your privacy and security engagement program is positioned to obtain the buy-in it needs through business alignment.
Direct mappings between a culture of privacy and security and the organization’s strategic and business objectives
2.1 Review the IT/InfoSec strategy with IT and the InfoSec team and map to business objectives.
2.2 Review the privacy program and privacy strategic direction with the Privacy/Legal/Compliance team and map to business objectives.
2.3 Define the four organizational groupings and map to the organization’s structure.
Privacy and security objectives mapped to business strategic goals
Mapped organizational structure to Info-Tech’s organizational groups
Framework for privacy and security engagement program
Initial mapping assessment within Privacy and Security Business Alignment Tool
Make your engagement plan tactical with a set of enablers mapped to each of the organizational groups and privacy and security objectives.
Measurable indicators through the use of targeted enablers that customize the organization’s approach to privacy and security culture
3.1 Define the privacy enablers.
3.2 Define the security enablers.
3.3 Map the privacy and security enablers to organizational structure.
3.4 Revise and complete Privacy and Security Business Alignment Tool inputs.
Completed Privacy and Security Engagement Charter.
Completed Privacy and Security Business Alignment Tool.
Ensure that metrics are established to report on what the business wants to see and what security and privacy teams have planned for.
End-to-end, comprehensive program that ensures continued employee engagement with privacy and security at all levels of the organization.
4.1 Segment KPIs and metrics based on categories or business, technical, and behavioral.
4.2 Select KPIs and metrics for tracking privacy and security engagement.
4.3 Assign ownership over KPI and metric tracking and monitoring.
4.4 Determine reporting cadence and monitoring.
KPIs and metrics identified at a business, technical, and behavioral level for employees for continued growth
Completed Privacy and Security Engagement Playbook