ERE Information Security Auditors

Privacy Compliance Auditors – Internet Privacy Audits

Privacy Officers engage ERE information security and privacy auditors to conduct threat risk analysis and privacy impact analysis as an assurance step for their privacy compliance needs.

Differentiators of ERE Privacy Compliance Auditors

  • Provide by-the-textbook Internet privacy audits, TRA, and PIA services, cross-indexed to requirements in the privacy standard of the client’s choice.
  • Minimize cost and confusion by aligning scope precisely with the client’s business needs or control points mandated by their third party auditors.
  • Correlate IT security technology risks with privacy compliance requirements specified by the client’s privacy standard of choice.
  • Utilize components of several standards that best meet a client’s business requirements, such as components of: PIPEDA audits, RCMP / CSE TRA, and our experience with best practice borrowed from other ERE Internet privacy audits.
  • Clear, precise identification of: evidence of compliance violations, compliance violations, risk triaged by risk, and mitigation steps.
  • The Internet privacy audit report contains an actual PIA in the form of a pro forma PIA analysis. ERE populates the template with compliance violations identified by the TRA and provides a methodology / algorithm to calculate the cost of potential impacts or the PIA.
  • Each PIA is prefaced with an executive summary that describes the key risks in terms of compliance violations, our methodology, and leads directly into the PIA pro forma calculation template.
  • Scope and price of each step are presented in a clear, simple price quotation.
  • Costs and scope are tuned to meet the business requirements and budget for each client.


As textbook privacy compliance auditors, our PIA results focus on the audit control points specified in privacy regulations / standards:

  • Internet Privacy Audits – Identify compliance with any of the privacy standards / regulations below, correlated with a technical security assessment of the underlying host network.
  • California Identity Theft Law SB 1386.
  • PIPEDA audits – checklist of 10 critical elements, policy, standard operating procedures, technology.
  • RCMP / CSE TRA – checklist of 10 critical elements, policy, standard operating procedures, technology.
  • PIPEDA Audits and RCMP / CSE TRA correlation – simplified best of both standards
  • PHIPA.
  • FIPPA.
  • GLB.
  • HIPAA.

PIPEDA ACT

Additional Information Resources

 

California SB 1386
http://www.oit.ucsb.edu/committees/itpg/sb1386.asp

FIPPA
http://www.accessandprivacy.gov.on.ca/english/act/index.html

GLB
http://banking.senate.gov/conf/grmleach.htm

HIPAA – Privacy Compliance Audits
http://www.hipaacompliances.com/list-hipaa-access-control-policy

PIPEDA Audits – PIA
http://www.priv.gc.ca/information/pub/ar-vr/pipeda_sa_tool_200807_e.cfm

PHIPA
http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_04p03_e.htm

RCMP / CSE TRA
http://www.rcmp-grc.gc.ca/ts-st/pubs/tra-emr/tra-emr-1-eng.pdf

 
 

Contact Us

905 764 3246
info@ere-security.ca

 
 
Copyrights © 2007-2008. All rights reserved.