Management Tools                                                     
These tools will help your company manage the security and privacy of non-public information,
business partners, and compliance.  I've created and used these tools to help my clients, and
I am confident that they will help your organization too.
Privacy Management Toolkit                               
The Privacy Management Toolkit, Version 1.0 is a complete resource for managing customer
and employee data privacy while maintaining compliance with international data protection
laws. The Privacy Management Toolkit addresses all of the critical components of a privacy
management program for less than the cost of one day of outside consulting advice. The
Privacy Management Toolkit has everything you need to save money while building a privacy
governance program based on the international O.E.C.D. Privacy Principles upon which most
data protection laws throughout the world are based.  

For more information, see http://www.informationshield.com/privacy_main.html or get in touch with me.
Vendor Security Assessment Kit                        
These are tools I developed and that I use for the assessments I am contracted to perform.  I
have used them for over 150 vendor and business partner security program reviews, and they
have worked exceptionally well for me.  

Here is some additional information about my Vendor Security Assessment Kit:
  • The vendor questionnaire is an Excel spreadsheet.
  • The beginning section collects information about the vendor (name of company,
contact info, website, size of company, etc.), along with identifying the specific types
of personally identifiable information (PII) from your organization that the vendor
accesses, handles, stores, etc.
  • There is a worksheet for the information security section and a worksheet for the   
privacy section.
  • There are a total of 136 questions following the opening vendor information
section.  The questions use the international frameworks of ISO 27002 and the
OECD privacy principles, which the government oversight agencies view as best
practices and encourage organizations to follow.
  • The 136 questions are within 16 well-defined topics.  I have found this helps the vendor
to answer the questions; often they will assign the different topics to different people
to expedite getting the questionnaire completed, as well as to ensure that those most
knowledgeable about the topic are the ones answering the questions.
  • I also include a template to create the vendor security review results report within
the kit.  The format is a Word document which includes directions for how to complete
it.
  • I also include the following within the Vendor Security Assessment Kit:
      1)  A set of 21 sample security and privacy clause issues to include within vendor
          contracts
      2)  A set of 15 sample vendor security and privacy management policies

For more information, contact me.


Planned Management Tools - Coming Soon!
 
 
© 2011 Rebecca Herold & Associates, LLC.  All rights reserved.