A Readiness Assessment is a thorough evaluation of an organisation’s privacy infrastructure with reference to regulations such as the GDPR, CPRA, HIPAA, etc. It is technically a first-party audit designed to help organisations demonstrate their level of compliance with a particular regulation or standard.
For the purpose of this assessment, organisations are typically required to establish their compliance by means of abundant documentation and evidence.
Key Objectives
- Compliance Evaluation: Through a Readiness Assessment, an organisation evaluates its conformity to federal and sectoral regulations and standards.
- Compliance Demonstration: An organisation can demonstrate its compliance with reference to a readiness report.
- Compliance Certification: Upon achieving a satisfactory compliance score, the concerned organisation may be awarded a compliance certificate which indicates its commitment to uphold privacy.
- Further Audits: A Readiness Assessment equips an organisation with the resources which are necessary to facilitate second-party and third-party audits and assessments by partners, regulators or certifying authorities.
Deliverables
Upon completion of the Readiness Assessment, the subject organisation is supplied with:
- Readiness Report: A report documenting the areas of compliance while highlighting any instances of non-compliance which may require further enhancements. The report shall assist organisations in facilitating second-party and third-party audits.
- Compliance Certificate: In cases where sufficient compliance with the respective standard is observed, the organisation is awarded a certificate which demonstrates its compliance to all stakeholders. The certificate is valid for one year from the date of certification.
Procedure
- Step 1 – Consultations with Key Stakeholders: In this stage, our specialists hold consultations with the key stakeholders of the organisation, such as the concerned person(s) from the organisation’s Development team, IT department and HR department. The objective of this stage is to evaluate the present privacy infrastructure of the organisation.
- Step 2 – Documentation of Evidence: Based on the previous step, the necessary evidence of privacy implementation is collected from the organisation and documented.
- Step 3 – Preparation of Readiness Report: The findings of the assessment are documented into a Readiness Report. The report indicates the overall level of compliance adopted by the organisation with respect to a particular regulation or standard.
- Step 4 – Presentation of Readiness Report: The fourth stage involves a detailed presentation of the Readiness Report while addressing any identified points of concern.
- Step 5 – Awarding of Compliance Certificate: Upon discovery of sufficient compliance measures undertaken by an organisation, a Compliance Certificate is awarded to the organisation. The certificate serves as a verifiable proof of compliance and demonstrates the organisation’s commitment to the protection of personal data of its customers, employees, partners and stakeholders.
Project Duration/Timeframe
Depending upon the size of the organisation, the number of departments and the complexity of processing activities, the procedure may take anywhere from 3 to 6 (three to six) weeks.
Benefits
- Stakeholder Trust & Confidence: Most individuals and organisations prefer to collaborate with certified partners. A Privacy Compliance Certification helps the organisation build trust with its customers, partners and investors.
- Regulatory Compliance: A Readiness Report demonstrates an organisation’s compliance before regulatory authorities.
- Further Audits & Assessments: Conducting a Readiness Assessment simplifies subsequent audits by business partners (second-party audits) and regulatory/certifying authorities (third-party audits).

DID YOU KNOW?
85% of investors consider a company’s data privacy and cybersecurity policies when making funding decisions. – KPMG Venture Pulse Report, 2024

