PRISM Privacy+ Certification FAQs

PRISM PRIVACY+ Certified companies are eligible to compete for the business of private contracts and RFPs where PRISM PRIVACY+ Certification is required. More importantly, however, PRISM PRIVACY+ Certified service providers have the advantage of being pre-qualified as meeting the requirements of all data protection regulations. When the client understands they are legally required to verify service provider regulatory compliance, they naturally show preference to the service provider who has already verified it.

At this time you do not have to be a member of the association in order to achieve PRISM PRIVACY+ Certification.

No. PRISM International Membership and PRISM PRIVACY+ Certification are two separate programs, with two separate fees, both of which need to be paid annually. Membership dues follow a calendar year renewal. Certification renewal fees are paid on the anniversary of your initial approval.

Please submit an ethical complaint with proof of the offense to [email protected] The complaint will be reviewed by the Certification Review Committee. Learn more about the association’s Code of Ethics and Complaint Resolution Council Guidelines for how to make a formal complaint.

The steps to apply for Privacy+ Certification are as follows:

1. Review the Privacy+ Handbook thoroughly to make sure you understand the Privacy+ program, the Privacy+ control objectives, and the process required to establish and maintain Privacy+ certification.
2. Have your auditor complete the Auditor Commitment and Approval Form. Note that if you intend to use an auditor other than Kirkpatrick Price, your auditor must be approved by PRISM International in writing. Although not required, we suggest that you wait until PRISM International accepts your auditor before you proceed with the audit because PRISM International’s approval of your auditor is not guaranteed.
3. Submit the following forms from the Privacy+ Program Handbook to PRISM International:
   • Application Form
   • License Agreement
   • Auditor Commitment and Approval Form
4.  Payment:
   • Receive an invoice from PRISM International for the application fee, first year’s licensing fees, and, if you are using Kirkpatrick Price, audit fees. If you are using an audit firm other than Kirkpatrick Price, invoice receipt from PRISM International indicates your auditor has been approved. If your auditor is not approved, you will be contacted directly by PRISM International staff.
   • Pay your PRISM invoice within 30 days of receipt.
5. Schedule the audit. We would prefer that your Privacy+ audit is completed within 6 months of submitting your Privacy+ application. If your audit is not completed within 1 year of submitting your application, you will need to submit a new application and application fee.
6. When your audit is complete, your auditor will forward Privacy+ Audit Report Form B to PRISM International and Privacy+ Audit Report Forms A and B to you.
7. PRISM Privacy+ Certification is typically approved by PRISM International within 30 days of receiving a successfully completed Audit Report Form B.

PRISM Privacy+ Certification is typically approved by PRISM International within 30 days of receiving a successfully completed Audit Report Form B.

All criteria needed for PRISM PRIVACY+ Certification can be found in the PRISM PRIVACY+ Certification Handbook.

Yes, the association offers a number of resources to assist you in becoming certified.

• The PRISM PRIVACY+ Certification Program Department – The association has staff available to answer your questions. Contact staff anytime at [email protected] or +1 602-788-6243
• Ask the Auditors at Kirkpatrick Price – Reach out to the PRISM International representative, Sharon Kempen at [email protected]
• Attend a Conference Session – Register to attend the NAID & PRISM International Annual Conference & Expo, which offers excellent sessions and exhibit hall opportunities to learn more about the benefits and of becoming PRISM PRIVACY+ Certified and how to utilize it as a sales tool