Safe Harbor Consulting Overview
We provide Safe Harbor consulting and implementation support. This includes understanding the business/information context, scope, risk assessment, logical and physical boundary scoping, detailed recommendations, policy/documentation support, training, coaching of team/staff, coaching of privacy officers, a security dashboard for top management, internal audit, and management review, leading to successful compliance.
What is the approach for successful implementation?
There are primarily five phases, and in each phase there can be several sub-phases:
Phase I – Scope determination
Identifies the part of the organisation/network that needs to be covered and that needs control prioritization.
Phase II – Asset identification/Risk Assessment/Gap Analysis
Risk assessment is key to determining the scope of infrastructure and the requirement for controls. This phase results in the identification of each gap.
Phase III – Implementation
Implementation proceeds through the definition of policy/procedure/documentation and the relevant people/process/technology records.
Phase IV – Internal Audit
Internal audit is the process of verifying successful implementation, on one hand, and the inclusion of the security principle in the business lifecycle on the other.
Phase V – Safe Harbor certification
The total duration of each milestone can vary depending upon the complexity of the organisation. Talk or write to us at firstname.lastname@example.org to know how we can take you through a successful journey.
Notice
Organizations must notify individuals about the purposes for which they collect and use information about them.
Choice
Organizations must give individuals the opportunity to choose (opt in and opt out) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual.
Onward Transfer (Transfers to Third Parties)
To disclose information to a third party, organizations must apply the notice and choice principles.
Access
Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate.
Security
Organizations must take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Data Integrity
An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
Enforcement
There must be readily available and affordable independent recourse mechanisms so that each individual's complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide.