The National Institute of Standards and Technology (NIST) has published a new set of guidelines designed to help organizations assess their security and privacy controls.

The guidelines include customizable privacy assessment procedures that are intended to be "flexible enough to meet the needs of different organizations while providing consistency in conducting control assessments," according to NIST, a division of the U.S. Department of Commerce.

Topics covered under the guidelines include access control policies, contingency planning, incident response, system maintenance and risk assessment, among others.

The guidelines are intended to help organizations determine the effectiveness of their existing controls and risk management processes, and to gain insight into the strengths and weaknesses of the systems supporting their missions and business functions.

Organizations of any size and in any sector are vulnerable to privacy risks. Although NIST's guidelines are aimed at an American audience, they are widely applicable to businesses and organizations operating in Western Canada.

The lawyers in the MLT Aikins Privacy, Data Protection & Cybersecurity practice group have extensive experience conducting privacy assessments for clients and developing effective privacy compliance programs.
