
DSCI Framework- Pilot Implementation. Operational Locations Different project groups Different client Geographies Different services Exposes PI through.




1 DSCI Framework- Pilot Implementation

2 Operational Locations Different project groups Different client Geographies Different services Exposes PI through different means Privacy Organization New Project- Exposure to Personal information Training and Awareness Report Visibility over Personal Information Exposure to different compliance regulations Regulatory Compliance Intelligence Privacy Policies, processes Enforce Contract, Service Agreement Guide Privacy Contract Management Monitoring & Incident Management Privacy breach Detect Information Usage & Access Personal Information Security DSCI Privacy Approach (POR) (PPP) (VPI) (RCI) (PCM) (MIM) (PIS) (IUA) (PAT)

3 VPI PPP PCM PIS PAT MIM POR Personal Information Security Information Usage & Access, Monitoring & Training RCI IUA
VPI – Visibility Over Personal Information
POR – Privacy Organization & Relations
PPP – Privacy Policy & Processes
RCI – Regulatory Compliance Intelligence
PCM – Privacy Contract Management
MIM – Privacy Monitoring & Incident Management
IUA – Information Usage & Access
PAT – Privacy Awareness & Training
PIS – Personal Information Security
Privacy Strategy & Processes DSCI- Privacy Framework DPF © - DSCI Privacy Framework

4 A NASSCOM ® Initiative What brings the data to you ? What the data brings to you? Business processes that involve transactions with the end customer Business relationships that involve transactions in the data Business functions that deal with employee data Concerns Retail Business Customer Services Business Partners Retailers CRM Sales & Marketing Outsourcing Service Agents HR Management Finance Travel Admin Data Protection requirements End Customer Client / Partner Employee Governments Privacy Principles Technology Measures Compliance Requirements Security & Safeguards Service (MSA) Agreements Geographical regulations (UK DPA, US California Data Sec) Vertical specific regulations (HIPAA/HITECH: Health) Functional regulations (GLBA- Finance Products) Organizational Measures Data Centric Approach DSCI Framework Implementation

5 A NASSCOM ® Initiative DC Role for Employee Data Protection Data Processor Role Data Controller Role Data Elements Data Fields Data Access Points Data Operations Application Access Underlying Infrastructure Physical Environment Personnel security Client environment Type of Data US, California State Health Financial Processing Data Origin Client: xyz MSA SB 1386 HIPAA/ HITECH GLBA Client Relations Process Sub-process Business Functions Process Sub-process Business Services Process Sub-process Business Process Portfolio Relationship Portfolio Business Function Portfolio 1 2 3 DSCI Framework Implementation Data Centric Approach Portfolio from Data Perspective Example Compliance MSA Requirements Geographical regulations Vertical regulations Functional regulations

6 A NASSCOM ® Initiative Client Relationship, Processes, Sub Processes, Gives insight into the data associated with the process/sub-process Process Portfolio: Data Perspective Data View Data Field, Form, File View of data in all processes Access, Process, Transmits, Storage View of operations performed on the data element Data Access Data Env Client & Offshore Env, Infrastructure Physical Env View of underlying infrastructure that process data Compliance MSA, Geography), Domain Specific, Special Legislation View of compliance reqds mapped to the Data Visibility Exercise Visibility Vigilance Coverage & Accuracy Discipline in defense Compliance demonstration Enablers DSCI Framework: DSF & DPF DSCI Best Practices DSCI- Document Ecosystem (Strategic Options, Guidance Notes etc) Framework Implementation Strategic, tactical & operational View DSCI Principles DSCI Framework Implementation Identify Problem Strategic Options Security Program Implementation Operationalization DSCI Best Practices DSF & DPF or Any Security Program- ISO, PCIDSS, etc.

7 A NASSCOM ® Initiative Pilot Implementation DSCI Contribution DSCI Approach & Methodology Visibility tool (spreadsheet) Data capture guidance Data analysis & presentation Phase I: Visibility Exercise Service Provider Contribution Identify function/ LOS is to be covered, define sample size Data capture Help in data analysis Create case study Client relationship portfolio from data security perspective Consolidated view of data, & underlying environment Granular risk map, revealing real issues Risk classification - reveals client, as well as, SP accountability Deliverables Roles & Responsibility Scope Scope restricted to a mutually agreed sample size. Depends on the LOBs to, no of client relationships, & number of processes or sub processes under each relationship Future directions & plan No involvement of third party Lean exercise, avoiding bulkiness Enablers DSCI Best Practices Data Controller Data Processor DSCI Framework - DPF | DSF Visibility Exercise Tools

8 A NASSCOM ® Initiative Brings data centric approach in the security initiatives Creates a portfolio of business processes from data perspective Focus on scenarios that may lead to data breach, identify the issues in environments both at client and service provider Reach to the granularities of risks, which help fix accountability of process and project owners, Revitalize security operations, compliances and reporting to incorporate data centric elements Rely on visibility that identifies where the data is residing and how it is transacting Provides assurance over security over the specific data element in the wake of emerging data protection regulations Data Centric Approach Visibility as a fundamental Principle Portfolios from Data perspective Granularity of risks Scenario based evaluation Revitalization of security operations Assurance in the wake of regulations Framework Implementation Benefits

9 A NASSCOM ® Initiative Thank You

