Here are answers to some of the most Frequently Asked Questions (FAQs) related to the program.
PRISM PRIVACY+ Certified companies are eligible to compete for the business of private contracts and RFPs where PRISM PRIVACY+ Certification is required. More importantly, however, PRISM PRIVACY+ Certified service providers have the advantage of being pre-qualified as meeting the requirements of all data protection regulations. When the client understands they are legally required to verify service provider regulatory compliance, they naturally show preference to the service provider who has already verified it.
Yes. PRISM Privacy+ Certification is a voluntary benefit of PRISM Membership. Discover benefits of being a PRISM Member. Those interested in joining should please contact the Membership Department for more information.
No. PRISM International Membership and PRISM PRIVACY+ Certification are two separate programs, with two separate fees, both of which need to be paid annually. Membership dues follow a calendar year renewal. Certification renewal fees are paid on the anniversary of your initial approval.
Please submit an ethical complaint with proof of the offense to [email protected] The complaint will be reviewed by the Certification Review Committee. Learn more about the association’s Code of Ethics and Complaint Resolution Council Guidelines for how to make a formal complaint.
You can apply for PRISM Privacy+ Certification by filling out & submitting the Privacy+ Certification Application. All of the criteria to become PRISM Privacy+ Certified can be found in the Certification Specifications Reference Manual.
Under the i-SIGMA audit regime, once your application is processed and certification fee is paid an auditor will be assigned who will contact you to schedule your initial audit.
You may also submit the PRISM Privacy+ Application & fee along with:
• Verification of a current SOC 2 Audit Report
or
• Current ISO 27001 Registration
Once your application & fee(s) have been received, your application will be processed as soon as possible. If using the i-SIGMA Audit Regime, an auditor will be assigned who will contact you to schedule your initial audit. The entire process can take approximately 4-8 weeks. If submitting your application & fee(s) with a compliant SOC 2 or ISO 27001, the process to have your location become Privacy+ Certified will be as soon as possible.
All criteria needed for PRISM PRIVACY+ Certification can be found in the Certification Specifications Reference Manual.
The PRISM PRIVACY+ Certification Program Department are available to answer your questions and help you through the process. Contact staff anytime at [email protected] or +1 602-788-6243.
The association also offers a Peer-to-Peer Certification Assistance Program. Contact the NAID AAA Certification Support Committee Chair, Margaret Meier, CSDS to be connected with another company already PRISM Privacy+ Certified, so that you can talk with someone who has walked this path before.
If the audit is found to be non-compliant, you’ll be contacted with a copy of the findings along with suggestions to remediate the non-compliant items. Certification is only granted to companies with a successful audit.
