PROSEC 2.0:18 DATA PROTECTION MANAGEMENT SYSTEM (DPMS) 

Data Protection best practice, audit and certification 

THE CHALLENGE

A number of organisations have highlighted four core challenges that have emerged since the introduction of GDPR in May 2008.

  1. The lack of any approved definition of ‘compliance’ or certification, resulting in unmeasured and unaudited compliance efforts.

  2. The lack of a practical structure to ensure ongoing maintenance of requirements.

  3. The lack of a structured internal audit process.

  4. The lack of separation of personal data and business non-personal data.

Influenced by the fundamentals and structures of ISO 27001, BS 10012, Cyber Essentials and the GDPR, we developed the ProSec 2.0:18 Data Protection Management System to assist our clients with resolving the above challenges. We are now making the standard publicly available.

KEY FEATURES

  • 50 best practice data protection controls

  • Built-in audit process and schedule to ensure ongoing maintenance

  • Practical guidance included for significant controls

  • References to GDPR requirements

  • Optional templates available for each significant control

  • Optional external audit

  • Optional certification

METHODOLOGY

The model is designed to help organisations embed a data protection best practice program within their business operations that will apply to all data but take into account any special measures required for personal data. Successful implementation of the DPMS will enhance customer trust and enable ongoing and auditable compliance with core legislation.

In addition, there are associated templates that are designed to simplify compliance, and clearly defined audit points for periodic self-evaluation.

The ProSec 2.0:18 DPMS is based on the internationally recognised PLAN, DO, REVIEW, ACT model and uses a set of key controls, policies, processes and audits to develop a robust and manageable accountability framework for all data that the organisation processes. In addition, we include practical advice on how controls can be actioned as well as a set of core templates to assist with implementation.

To ensure a maintained compliance effort, the framework has at its heart a mandatory self-audit program. This in turn can be enhanced with the addition of an optional external audit and certification if required.

OPTIONS

ProSec 2.0:18 is designed to meet the requirements of all organisations regardless of size. We have therefore made the standard available as a standalone document or with additional optional resources:

CONTROL REQUIREMENTS

 

For ease of understanding we use the following compliance requirement terms:

MUST – this is mandatory to achieve the ProSec 2.0:18 standard.

MUST(G) – this is mandatory to achieve the ProSec 2.0:18 standard and mandatory under GDPR.

SHOULD – this is not required to achieve the ProSec 2.0:18 standard, not mandated by GDPR but constitutes current best practice.

OPTIONAL – this describes something that is available but not required to achieve the ProSec 2.0:18 standard, not mandated by GDPR and is not necessarily best practice.

 

IMPLEMENTATION MODELS

 

There are 3 ways to implement the ProSec 2.0:18 standard.

DIY 

Simply purchase the standard and implement the DPMS in your organisation. Whilst an external audit is recommended, this standard can be self-audited.

Consultant Audited

One of our certified ProSec 2.0:18 consultants will audit and optionally certify your implementation efforts.

Consultant Assisted

One of our certified ProSec 2.0:18 consultants can assist you with the implementation and audit.

TO GET A FREE COPY OF THE PROSEC 2.0:18 STANDARD OR FOR FURTHER INFORMATION ON ANY OF THESE OPTIONS PLEASE CONTACT US AT THE BELOW EMAIL ADDRESS OR USE THE CONTACT FORM ON THIS SITE

 

info@2twenty4consulting.com

We have a Partner network for those looking to 'white-label' the standard for their own services. Contact us for more information.

Copyright 2twenty4 Consulting 2018

2twenty4 Consulting LTD are registered with the ICO ZA377863