Board Readies Next Generation of Privacy+ Certification

September 10, 2019

The i-SIGMA Board of Directors has officially accepted a recommendation by the Privacy+ Certification Committee to both lower program expenses while increasing its relevance.

When PRISM International originally launched the program, Privacy+ Certification was directly tied to the SSAE 16 Certification, a well-accepted accounting/operational certification created by the American Institute of Certified Public Accountants (AICPA) to acknowledge fiscal and operational integrity. The reasons for basing Privacy+ Certification on SSAE 16 were that the SSAE 16 was already well-known, it verified network security issues which were of increasing concern, and, finally, because many client contracts were already requiring it.

Over the years, however, Privacy+ Certification failed to gain widespread adoption, with many members citing its expense as well as its scope, and the absence of direct linkage to regulatory compliance.

A New Approach Emerges

At the beginning of the year, the i-SIGMA board formed the Privacy+ Committee and appointed Michael Payton, CSDS, to head it up.

As Michael says, what the board wanted was clear.

The board said they wanted recommendations on how to increase Privacy+ acceptance, not only among members, said Payton, “but customers too. They were clear too, that they wanted to move quickly.”

To their credit and as directed, the Privacy+ Certification Committee returned with those recommendations last month; recommendations the board has greenlighted next steps.

The committee proposes that SSAE accreditation no longer serves as the basis for awarding Privacy+, but rather a list of industry-specific criteria that validates security as well as data protection and privacy regulatory compliance. As a result, the costly accounting audit would be replaced by an audit by i-SIGMA’s existing network of security auditors.

Because the audit validates regulatory compliance, its relevance to customers increases – serving now as their vendor selection due diligence, and, because of the audit methodology, the cost is reduced by as much as 70%. Finally, because i-SIGMA’s auditors are already global, there will be no issues achieving the accreditation anywhere in the world.

Member Input Needed!

The i-SIGMA Board and the Privacy+ Certification Committee are aware a change of this magnitude cannot happen in a vacuum. Shortly, i-SIGMA members will be asked to comment on both the proposed specifications and audit methodology. This crucial input will then be incorporated into the program. The open comment period will be launched on October 1.

“With members’ help, we hope to ask for final board approval in December,” said Payton. “Which would mean the new program would be rolled out in January.”