BS ISO IEC 29190:2015 – Information technology – Security techniques – Privacy capability assessment model
A capability assessment model typically involves the following aspects:
a) Capability Levels: a layered framework providing a progression to the discipline needed to engage in continuous improvement. It is important to note that an organization needs to develop the ability to assess the impact of a new practice, technology or tool on their business activities. Hence it is not a matter of adopting these; rather, it is a matter of determining how innovative efforts influence existing practices. This empowers projects, teams, and organizations by giving them the foundation to support reasoned choice.
b) Key Process Areas: this identifies a cluster of related activities which, when performed collectively, achieve a set of goals considered important.
c) Goals: the goals of a key process area summarize the states that need to exist for each key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how well the organization has established that capability level. The goals signify the scope, boundaries and intent of each key process area.
d) Common Features: common features include practices that implement and institutionalize a key process area. Common features are frequently defined as: Commitment to Perform; Ability to Perform; Activities Performed; Measurement and Analysis; and Verifying Implementation.
e) Key Practices: the key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the key process areas.
The objective of this International Standard is to provide guidance to organizations on assessing how mature they are with respect to compliance with privacy and data protection legislation and relevant good practice. This International Standard focusses on assessing those activities that organizations should carry out in order to demonstrate such compliance.
This capability scale provides a layered framework to advance the disciplines needed to engage in continuous improvement. This empowers projects, teams, and organizations by giving them the foundation to support reasoned choice. With profiling, the model can be used to assess an organization’s capability with respect to, for instance, protecting PII as required by relevant national regulatory laws.
A capability model can also be used as a benchmark for comparing different organizations once there is a common model that can be used as a basis for comparison. For the purposes of this International Standard, the basis for comparison is the organizations’ processes for handling PII in a manner compliant with national regulatory laws and relevant good practice. There is benefit in including this capability scale, as it is of more use (to the corporate executive responsible) than some of the more detailed analysis and audit results which one could expect from assessment at the “key performance indicator” level (see Annex A).