
Protect Personally Identifiable
Information (PII) through process
improvement and automation with the
Privacy Impact Assessment Management
System (PIAMS)

Presented by
www.cantongroup.com

Richard Snyder
Jason Lancaster
Kelly Price

2920 O’Donnell St.
Baltimore, MD 21224
tel: 410.675.5708
fax: 410.675.5111

Problem Statement
• A Privacy Impact Assessment, or PIA, is an analysis of how
  information in identifiable form is collected, stored, protected,
  shared and managed...[to] ensure that system owners and
  developers have consciously incorporated privacy protection
  throughout the entire life cycle of a system.

• PIAs expose internal and external threats to the confidentiality of
  Personally Identifiable Information (PII) in compliance with the
  E-Government Act of 2002 (Pub. L 107-347) and applicable Office of
  Management and Budget (OMB) guidance.

• This analysis is required on many systems within Federal
  Organizations and can result in a significant investment in time
  during the preparation and review cycles.


Solution Overview
• A Privacy Impact Assessment Management System (PIAMS)
  collects and stores multiple Privacy Impact Assessment (PIA)
  questionnaires for system owners.

• Types of PIAs can include specialty questionnaires for
  ~ Surveys
  ~ Social networking sites
  ~ Public internet sites
  ~ Generic data storage PIA

• The manual process of filing and reviewing PIAs is replaced by a web
  system that stores the final deliverable and automates the PIA process.


Workflow Overview
• Promotes workflow flexibility
  An example would be allowing management approval on the “business” side as well
  as the “privacy” side.

• Multiple versions of each type of questionnaire
  As the need for stored information changes, each questionnaire can be updated to
  reflect those changes. Existing approved or signed PIAs will be linked to the version
  of the questionnaire active at the time.

• Dynamic sub-questions based on answers
  For example, if the answer to a question is “yes”, display one subset of questions; if
  “no”, show a different subset.

• Approved (or signed) PIAs stored in a read-only state
  ~ Minimizes the need for physical storage
  ~ Allows for statistical analysis and data-mining of PII elements


Process Flow


Technical Architecture
• Microsoft .NET Framework, version 4.0 or 4.5
• Pages & functionality developed using C#, JavaScript, and SQL
  Stored Procedures
• Database server running Microsoft SQL Server 2008
• Web Server(s) running Windows Server® 2012 or Windows Server®
  2008 R2
• Windows Internet Information Services (IIS) 8.0


Key Benefits of PIAMS
• Eliminates the use of paper application submissions (Paper
  Reduction)
• Increases the ability to track and centrally store the PIAs
  (Transparency and Accessibility)
• Enables electronic notifications for PIA renewal or missing
  information to be sent to the system owners (Workflow Automation)
• Increases reporting for individual systems or enterprise-wide
  (Reporting and Metrics)
• Reduces man hours required to perform initial and subsequent
  PIAs (Sustained Operational Reduction)
• Facilitates enhanced security of PII Data (Enhanced data security)


Proven Success Story
• The Canton Group worked with the IRS to automate and improve the
  existing PIA processes leveraging state-of-the-art web software.

• The system created by The Canton Group provided the IRS with
  new operational capability and allowed the IRS to have more
  confidence in assigning security levels for systems as well as
  massively decrease the labor hours required to gather this
  information.

• The implementation of this system has resulted in a sustained
  reduction in man hours required to perform Privacy Impact
  Assessments (PIAs) and improved the speed to perform PIAs by a
  factor of 10.


Summary
• PIAMS improves operational effectiveness
• The Canton Group designed and developed PIAMS
• The IRS has a significant number of systems with PII and is
successfully using PIAMS
• PIAMS can be configured and customized to meet agency-specific
requirements
• The Canton Group is a GSA Schedule 70 and 8a Stars 2 Prime
Contractor


Contact Canton Group
For more information or to schedule a demonstration please
contact:

Chris Forhan, Director of Digital Strategy
cforhan@cantongroup.com
Ed Peck, Senior Security Engineer CISSP
epeck@cantongroup.com
Or call 410-675-5708 x7117
