The new privacy tool from the National Institute of Standards and Technology (NIST) should be a wake-up call for organizations to make sense of the various privacy laws. This is according to Kathleen Randall, EVP of North America at SureCloud, who says multiple privacy regulations are increasing and technology advancements are adding complexity to complying with them.
“Advancements in technology are rapidly creating new ways of using personal data, but this must be balanced with protecting people’s privacy,” comments Kathleen. “The NIST Privacy Framework is filling a much-needed void. Companies that fall under multiple privacy regulations can now use a single framework to take an ‘implement once, comply with many’ approach, rather than developing separate programs for each regulation.
“This framework is necessary because it helps organizations of all sizes and industries identify early to maturing privacy protection activities that are aligned to business objectives, policies, regulations and risk management strategy. It also aligns cybersecurity, risk, privacy, compliance and operations teams on requirements, while also providing a way to assess the risk of future data privacy concerns with emerging digital and technology projects.”
The NIST Privacy Framework isn’t the only framework that businesses have to contend with in today’s ever-changing digital and regulatory landscape.
As such, SureCloud has integrated the new framework into its data privacy, risk and compliance management solution which already supports other regulations and frameworks including the NIST Cyber Security Framework, International Organization for Standardization (ISO) standards, Payment Card Industry Data Security Standard (PCI DSS), Information Security Forum (ISF), California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR).
SureCloud provides end-to-end workflow to drive the NIST Privacy Framework life cycle from assessment to control activity implementation to remediation. And, whether privacy programs are in their infancy or are fully mature, SureCloud offers out-of-the-box guidance and fully configurable templates and workflows to meet company-specific practices.
Kathleen adds: “Our solution is a one-stop shop for launching and managing on-going risk, compliance, and data privacy programs to meet multiple regulations and frameworks while minimizing complexity. Companies can use SureCloud to better understand their own risk tolerance, enable security, privacy and legal teams to speak in the same language and, crucially, get more value out of these frameworks by adapting a risk-based approach to identifying the policies and activities in a way that’s right for them.
“Essentially, organizations can spend less time worrying about interpreting lots of information from regulations and analyzing their risk and compliance posture, and more time on innovating and making sense of what they need to do as a business to protect their customer information.”
Businesses using SureCloud’s solution will benefit from real-time dashboards to report risks and compliance posture on business units and stakeholder accountability right through to regulations, policies. Additionally, they can link their data privacy program to other risk, cybersecurity and compliance initiatives – reporting true risk impact across the business in more meaningful, simplified and relevant terms that executives and the board can understand.
About SureCloud
SureCloud is a provider of Gartner recognized GRC software and CREST accredited Cyber Security & Risk Advisory services. Whether buying products or services your organization would benefit from automated workflows and insight from the award-winning SureCloud platform. All of SureCloud’s service offerings are fully compatible with the GRC suite of products enabling seamless integration of information, taking your risk programs to the next level.