The patent-pending CSR Readiness Suite, available only through resellers, affordably offers enterprise-level risk evaluation to help small and medium-sized businesses comply with a host of regulations related to personally identifiable information (PII). Readiness provides comprehensive guidance to review, revamp and revisit processes for handling and reporting loss of PII data of customers, employees and vendors.Program.
Laws in over twenty-five states and 100+ countries plus fourteen U.S. federal laws require businesses entrusted with safeguarding the personal data of their residents to establish information security programs. Additionally, over 47 states have data breach laws requiring notice to authorities and consumers in the event of suspected data loss. All of these laws include penalties for noncompliance.
The Department of Homeland Security, the FTC, Visa and the BBB are just a few of the organizations that strongly recommend businesses proactively prepare for data breaches by developing Incident Response programs.
CSR’s team of in-house privacy experts, certified by the International Association of Privacy Professionals (IAPP), distilled their data life cycle management (DLCM) framework, used for large enterprise clients in CSR’s consulting practice, to build an affordable, subscription-based service to help businesses achieve PII compliance.
I. Review: Take the self-assessment questionnaire
II. Revamp: Follow the remediation instructions and implement best practices and policies
III. Revisit : Monitor annually by retaking questionnaire to meet legal, regulatory and compliance requirements
Companies start with an online self-guided risk-assessment questionnaire related to how they acquire, access, handle, transmit, store and destroy PII data. There are five areas, or domains, that are covered: Compliance, Security, Privacy, Incident Response planning, and Governance.
CSR’s sophisticated, proprietary system generates a variety of tasks, policies, best practices and remediation instructions. These materials are designed for employee training.
Once the company attests that all the tasks are finished, the business earns a Certification of Completion with an ID Stay Seal, suitable for publication, as well as a listing on IDStaySafe.com with other companies who have achieved Readiness Certification of Completion status. Businesses and consumers search IDStaySAfe.com for companies that demonstrate their commitment to protecting consumer data and compliance with information security laws and regulations.
In the event of a data loss incident, CSR professionals file all required reports to authorities, consumers and other affected individuals on behalf of business customers, using the patented, award-winning CSR Breach Reporting service.
Visa says “Consider a breach likely and plan accordingly.” Preparation still won’t prevent all breaches. That’s why organizations like Visa advise establishing relationships with experts prior to an event.
While it's impossible to completely avoid a breach, due to uncontrollable circumstances, 97% could have been prevented, according to Verizon Business.
– Employees cause 75% of breaches, either intentionally or by accident.
– System errors and theft are just a few of the many ways that information is compromised.
– Portable technology and devices compound the problem.
Proactive detection and correction can go a long way to prevent loss and further fallout due to reputational damage, lost sales, fines, lawsuits and prosecution.
Interested in joining CSR?