Chapter 7 - Sustain Flashcards
What characteristics should metrics contain
They should be simple, quantifiable and easy to use, with a clear correlation to business performance and operational goals
Define the characteristics of a metric measurement system
Easy to understand, repeatable, and reflective of indicators that are relevant to the business
How do metrics help a business achieve its objectives
- Facilitate conversations with leaders and non-privacy professionals
- Eliminate terminology and jargon by being simple
- Take specific technologies into account without being based on them
- Mature the privacy program over time
According to a 2020 IAPP survey what are the most popularly used metrics?
- None (20 pct)
- Incident response metrics (58 pct)
- PIA/DPIA metrics (57 pct)
- Training and awareness metrics (56 pct)
- DSAR metrics (56 pct)
What are the differences between trend analysis, cyclical component analysis and the irregular component?
Trend analysis attempts to spot an overall pattern (direction) in the metric over a period of time; cyclical component analysis focuses on regular fluctuations that recur each cycle (e.g. the rise in complaints seen each time training is rolled out); the irregular component is what is left over once the trend and cyclical components are removed (noise analysis, which also surfaces one-off events)
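As an added illustration of the three components (this code is not part of the original flashcards), the Python below decomposes a constructed series of quarterly privacy-complaint counts into a straight-line trend, a cyclical profile (the mean detrended value at each position in a four-quarter cycle) and the irregular remainder. The function names, the sample figures and the four-quarter period are assumptions chosen for the example. It also shows the caveat a practitioner runs into: with only three observed cycles, a one-off spike partly leaks into the cyclical estimate, so the irregular component, not the cycle profile alone, is where a one-off event shows up.

```python
# Added example (not from the flashcards): classical decomposition of a
# privacy metric into trend, cyclical and irregular components.


def linear_trend(series):
    """Ordinary least-squares line through (t, y); returns (intercept, slope)."""
    n = len(series)
    t_mean = (n - 1) / 2
    y_mean = sum(series) / n
    sxy = sum((t - t_mean) * (y - y_mean) for t, y in enumerate(series))
    sxx = sum((t - t_mean) ** 2 for t in range(n))
    slope = sxy / sxx
    return y_mean - slope * t_mean, slope


def decompose(series, period):
    """Split `series` into trend + cyclical + irregular.

    trend:     fitted straight line (direction of the metric over the window)
    cyclical:  mean detrended value at each position within a cycle of
               `period` points, i.e. the fluctuation that recurs every cycle
    irregular: whatever is left, i.e. noise and one-off events
    """
    if len(series) < 2 * period:
        raise ValueError("need at least two full cycles to estimate a cyclical pattern")
    intercept, slope = linear_trend(series)
    trend = [intercept + slope * t for t in range(len(series))]
    detrended = [y - tr for y, tr in zip(series, trend)]
    # Average the detrended values that fall at the same phase of the cycle.
    profile = []
    for phase in range(period):
        at_phase = detrended[phase::period]
        profile.append(sum(at_phase) / len(at_phase))
    cyclical = [profile[t % period] for t in range(len(series))]
    irregular = [d - c for d, c in zip(detrended, cyclical)]
    return {"slope": slope, "intercept": intercept, "trend": trend,
            "profile": profile, "cyclical": cyclical, "irregular": irregular}


def largest_irregular(series, period):
    """Index and size of the biggest one-off deviation: the point to investigate."""
    irr = decompose(series, period)["irregular"]
    idx = max(range(len(irr)), key=lambda i: abs(irr[i]))
    return idx, irr[idx]


# Constructed sample data (assumption, no real organisation's figures):
# quarterly complaint counts over three years, rising by about 2 per quarter
# with a repeating four-quarter pattern on top.
COMPLAINTS = [10, 13, 12, 17, 18, 21, 20, 25, 26, 29, 28, 33]

# Same series with a one-off jump of 5 in quarter 8 (index 7), e.g. the
# quarter after a breach notification went out.
COMPLAINTS_WITH_SPIKE = COMPLAINTS[:7] + [COMPLAINTS[7] + 5] + COMPLAINTS[8:]

if __name__ == "__main__":
    for name, data in (("clean", COMPLAINTS), ("spike", COMPLAINTS_WITH_SPIKE)):
        parts = decompose(data, period=4)
        print(f"{name}: trend slope {parts['slope']:.2f}/quarter, "
              f"cycle profile {[round(p, 2) for p in parts['profile']]}")
        idx, size = largest_irregular(data, period=4)
        print(f"{name}: largest irregular component {size:.2f} at quarter {idx + 1}")
```

On the clean series the fit recovers the slope of 2 per quarter and the cycle profile exactly, and every irregular value is zero. On the series with the spike, the largest irregular value lands on quarter 8, but the cycle profile for that phase also rises because the spike is averaged into it; a longer history (more cycles) dilutes that leakage.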
What are the 5 levels of the PMM (privacy maturity model)?
Ad hoc (nothing formal)
Repeatable (formal but incomplete and not implemented)
Defined (formal and implemented)
Managed (reviews are conducted)
Optimised (regular review and feedback)
What does Article 39 of the GDPR stipulate?
The tasks of the DPO, including the responsibility to monitor compliance with the regulation
What are the different types of monitoring?
- Compliance monitoring (e.g. audits to monitor compliance)
- Regulation monitoring (e.g. a legal-intelligence service such as Afriwise)
- Environment monitoring (monitoring the internal and external environment for threats)
- Training monitoring
What are the different forms of monitoring?
- Tools monitoring
- Audits
- Breaches
- Complaints
- Data retention
- Controls
- HR
- Vendors
What are the 4 common approaches to compliance monitoring?
- Self monitoring
- Audit management
- Security and system management
- Risk management
What is the difference between an audit and an assessment?
An audit is formal and evidence based; an assessment is less formal
What events may trigger an audit?
- Periodic assurance that is evidence based
- In response to change
- In response to events (e.g. breaches)
- If required by a regulator
- As a result of a risk assessment
What are the 5 stages of an audit?
- Plan
- Prepare
- Audit
- Report
- Follow up
What are the three forms of audit?
- First party (internal audit, e.g. to support self-certification)
- Second party (e.g. we audit a supplier)
- Third party (e.g. an independent auditor)