PMRM Revision Discussion Slides
- Illustrations/Figures 1-3
  o Model, Methodology, “Scope” options
- Functions, Mechanisms and “Solutions”
- Accountability and Enforcement
- Proposed “Enforcement” Definition
- Use Case – revision? Relocation to Appendix?
- Glossary

Proposed New Figure 1 Language: “Landscape View of the PMRM Scope”

Original Figure 2: PMRM Methodology Graphic

Discussion Proposal: New PMRM PMA Methodology

2. Initial Use Case Description and Scope
  - Use Case Description and Inventory
  - Privacy Policy Conformance Criteria
  - Initial PIA or Other Assessments

3/3.1 - Detailed Privacy Use Case Analysis
  - Participants
  - Systems and Business Processes
  - Domains and Owners
  - Roles and Responsibilities in Domains
  - Touch Points
  - Data Flows

3.2 - PI in Use Case Domains and Systems
  - Incoming PI
  - Outgoing PI
  - Internally Generated PI

4/4.1 - Required Privacy Controls Associated with PI (Inherited, Internal, Exported); Services and Functions Needed to Implement Privacy Controls
  - Agreement, Usage, Validation, Certification, Enforcement, Security, Interaction, Access

5. - Mechanisms Supporting the Selected Services and Functions

6. - Risk and/or Compliance Assessment

7. - Initiate Iterative Process
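The following is an added worked example of the methodology steps above, not code from the PMRM TC or the OASIS specification. It assumes a small data model of its own (Domain, Flow and Control classes, a policy mapping that says which Services each kind of control needs) and a constructed sample use case with hypothetical domain names and mechanisms. From the domains and data flows it derives each domain's incoming, outgoing and internally generated PI (step 3.2), attaches inherited, internal and exported controls (step 4), and reports every control whose required Service has no supporting mechanism in that domain, which is the gap a risk or compliance assessment (steps 5-6) would pick up.

```python
"""Toy walk-through of the PMRM methodology steps (added example; assumed
structure, not OASIS PMRM TC code). A use case is described as domains, data
flows across touch points and the PI those flows carry; the code derives each
domain's incoming / outgoing / internally generated PI, attaches the required
privacy controls and reports controls with no supporting mechanism."""
from dataclasses import dataclass, field

# The eight PMRM Services named on the slide.
SERVICES = ("Agreement", "Usage", "Validation", "Certification",
            "Enforcement", "Security", "Interaction", "Access")


@dataclass(frozen=True)
class Flow:
    source: str        # domain (or external actor) sending the PI
    target: str        # domain receiving it
    pi: frozenset      # PI elements crossing this touch point


@dataclass
class Domain:
    name: str
    generated_pi: frozenset = frozenset()            # PI created inside the domain
    mechanisms: dict = field(default_factory=dict)   # Service name -> list of mechanisms


@dataclass(frozen=True)
class Control:
    domain: str
    pi: str
    kind: str          # "inherited", "internal" or "exported"
    services: tuple    # Services needed to implement the control


def classify_pi(domains, flows):
    """Step 3.2: split each domain's PI into incoming, outgoing and internal."""
    result = {}
    for d in domains:
        incoming = frozenset().union(*(f.pi for f in flows if f.target == d.name))
        outgoing = frozenset().union(*(f.pi for f in flows if f.source == d.name))
        result[d.name] = {
            "incoming": incoming,
            "outgoing": outgoing,
            # PI the domain generates itself, unless it actually arrived from elsewhere
            "internal": d.generated_pi - incoming,
        }
    return result


def required_controls(domains, flows, policy):
    """Step 4: one control per PI element and direction. `policy` maps the
    control kind (inherited/internal/exported) to the Services it needs."""
    kind_of = {"incoming": "inherited", "outgoing": "exported", "internal": "internal"}
    controls = []
    for dom, buckets in classify_pi(domains, flows).items():
        for direction in ("incoming", "outgoing", "internal"):
            kind = kind_of[direction]
            for pi in sorted(buckets[direction]):
                controls.append(Control(dom, pi, kind, policy[kind]))
    return controls


def unsupported_controls(domains, controls):
    """Steps 5-6: a control is a gap when one of its Services has no mechanism
    registered in the domain that must apply the control."""
    mech = {d.name: d.mechanisms for d in domains}
    gaps = []
    for c in controls:
        for svc in c.services:
            if svc not in SERVICES:
                raise ValueError(f"unknown PMRM Service: {svc}")
            if not mech[c.domain].get(svc):
                gaps.append((c.domain, c.pi, c.kind, svc))
    return gaps


# Constructed sample use case: hypothetical domains, flows and mechanisms.
SAMPLE_DOMAINS = [
    Domain("Portal", frozenset({"session_id"}),
           {"Security": ["TLS"], "Agreement": ["consent form"], "Access": ["profile page"]}),
    Domain("Analytics", frozenset({"risk_score"}),
           {"Security": ["disk encryption"]}),
]
SAMPLE_FLOWS = [
    Flow("DataSubject", "Portal", frozenset({"name", "email"})),   # external actor -> Portal
    Flow("Portal", "Analytics", frozenset({"email", "session_id"})),
]
SAMPLE_POLICY = {   # assumed policy: which Services each kind of control needs
    "inherited": ("Agreement", "Usage", "Security"),
    "internal": ("Security", "Access"),
    "exported": ("Agreement", "Security"),
}


def run_sample():
    """Run the full chain on the constructed use case and return the gap list."""
    controls = required_controls(SAMPLE_DOMAINS, SAMPLE_FLOWS, SAMPLE_POLICY)
    return unsupported_controls(SAMPLE_DOMAINS, controls)


if __name__ == "__main__":
    for dom, pi, kind, svc in run_sample():
        print(f"{dom}: {kind} control on '{pi}' needs {svc} but no mechanism is defined")
```

On the sample input the report shows that neither domain has a Usage mechanism for the PI it inherits, that the Analytics domain has no Agreement mechanism for the PI exported to it, and that the risk score it generates has no Access mechanism; each line is a candidate item for step 6 and for the next iteration of step 7.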

PMRM Services

Possible Inclusion of “Accountability” in Enforcement Service

Proposed revised Service Definitions

| SERVICE | INFORMAL DEFINITION | FUNCTIONALITY |
|---|---|---|
| AGREEMENT | Define and document permissions and rules for the handling of PI based on applicable policies, individual preferences, and other relevant factors; provide relevant Actors with a mechanism to negotiate or establish new permissions and rules; express the agreements for use by other Services | Manage and negotiate permissions and rules |
| USAGE | Ensure that the use of PI complies with the terms of any applicable permission, policy, law or regulation, including PI subjected to information minimization, linking, integration, inference, transfer, derivation, aggregation, and anonymization over the lifecycle of the use case | Control PI use |
| VALIDATION | Evaluate and ensure the information quality of PI in terms of Accuracy, Completeness, Relevance, Timeliness and other relevant qualitative factors | Check PI |
| CERTIFICATION | Validate the credentials of any Actor, Domain, System or Subsystem, or system component involved in processing PI; verify compliance and trustworthiness of that Actor, Domain, System or Subsystem, or system component against defined policies | Check credentials |
| ENFORCEMENT [Accountability?] | Initiate monitoring capabilities to ensure the effective operation of all Services. Initiate response actions, policy execution, and recourse when audit controls and monitoring indicate operational faults and failures. Record and report evidence of compliance and accountability to Stakeholders and/or regulators. | Monitor and respond to audited exception conditions and demonstrate accountability on request |
| SECURITY | Provide the procedural and technical mechanisms necessary to ensure the confidentiality, integrity, and availability of personal information; make possible the trustworthy processing, communication, storage and disposition of privacy operations | Safeguard privacy information and operations |
| INTERACTION | Provide generalized interfaces necessary for presentation, communication, and interaction of PI and relevant information associated with PI; encompasses functionality such as user interfaces, system-to-system information exchanges, and agents | Information presentation and communication |
| ACCESS | Enable data-subject Actors, as required and/or allowed by permission, policy, or regulation, to review their PI that is held within a Domain and propose changes and/or corrections to their PI | View and propose changes to stored PI |