PROSEC 2.0:18 DATA PROTECTION MANAGEMENT SYSTEM (DPMS)
Data Protection best practice, audit and certification
A number of organisations have highlighted four core challenges that have emerged since the introduction of GDPR in May 2008:
The lack of any approved definition of ‘compliance’ or certification, resulting in unmeasured and unaudited compliance efforts.
The lack of a practical structure to ensure ongoing maintenance of requirements.
The lack of a structured internal audit process.
The lack of separation of personal data and business non-personal data.
Influenced by the fundamentals and structures of ISO 27001, BS 10012, Cyber Essentials and the GDPR, we developed the ProSec 2.0:18 Data Protection Management System to assist our clients with resolving the above challenges. We are now making the standard publicly available.
50 best practice data protection controls
Built-in audit process and schedule to ensure ongoing maintenance
Practical guidance included for significant controls
References to GDPR requirements
Optional templates available for each significant control
Optional external audit
The model is designed to help organisations embed a data protection best practice program within their business operations that will apply to all data but take into account any special measures required for personal data. Successful implementation of the DPMS will enhance customer trust and enable ongoing and auditable compliance with core legislation.
In addition, there are associated templates that are designed to simplify compliance, and clearly defined audit points for periodic self-evaluation.
The ProSec 2.0:18 DPMS is based on the internationally recognised PLAN, DO, REVIEW, ACT model and uses a set of key controls, policies, processes and audits to develop a robust and manageable accountability framework for all data that the organisation processes. In addition we include practical advice on how controls can be actioned as well as a set of core templates to assist with implementation.
To ensure a maintained compliance effort, the framework has at its heart a mandatory self-audit program. This in turn can be enhanced with the addition of an optional external audit and certification if required.
ProSec 2.0:18 is designed to meet the requirements of all organisations regardless of size. We have therefore made the standard available as a stand-alone document or with additional optional resources:
For ease of understanding we use the following compliance requirement terms:
MUST – this is mandatory to achieve the ProSec 2.0:18 standard.
MUST(G) – this is mandatory to achieve the ProSec 2.0:18 standard and mandatory under GDPR.
SHOULD – this is not required to achieve the ProSec 2.0:18 standard, not mandated by GDPR but constitutes current best practice.
OPTIONAL – this describes something that is available but not required to achieve the ProSec 2.0:18 standard, not mandated by GDPR and is not necessarily best practice.
There are 3 ways to implement the ProSec 2.0:18 standard.
Simply purchase the standard and implement the DPMS in your organisation. Whilst an external audit is recommended, this standard can be self-audited.
One of our certified ProSec 2.0:18 consultants will audit and optionally certify your implementation efforts.
One of our certified ProSec 2.0:18 consultants can assist you with the implementation and audit.
TO GET A FREE COPY OF THE PROSEC 2.0:18 STANDARD OR FOR FURTHER INFORMATION ON ANY OF THESE OPTIONS PLEASE CONTACT US AT THE BELOW EMAIL ADDRESS OR USE THE CONTACT FORM ON THIS SITE
We have a Partner network for those looking to 'white-label' the standard for their own services. Contact us for more information.
Copyright 2twenty4 Consulting 2018
2twenty4 Consulting LTD are registered with the ICO ZA377863