DPA Security Policies

What are they?

DPA Security Policies provide a comprehensive document that identifies what must be done in your organisation to protect the personal and sensitive information you process. Good policies are simple, pragmatic, and should be clearly communicated to your employees from the top down. They can proactively define and promote a culture of awareness, action, and responsibility. Done properly, no other mechanism has the power to ensure that all employees are working towards the established business goals as a good set of policies and procedures. Comprehensive and detailed policies set the foundation for your data protection compliance efforts.

Why should I do it?

They will enable your management, staff and 3rd party suppliers to understand what they specifically need to do to ensure that personal and sensitive business information is protected in accordance with Regulations. The policies demonstrate business due diligence and also specifically detail what they should not do, significantly reducing the likelihood of a breach or fines.

How often should I do this?

Once established, your policies should be re-evaluated after any major change to your systems. At a minimum, they should be reconfirmed and updated annually to keep them current with your business security objectives.

What will Risk Factory do?

• Provide best practice DPA Policies for your branding and implementation.
• Deliver an additional template of recommended “control-level” procedures required for actually implementing the policies.
• Conduct a workshop for management and key business stakeholders to ensure their understanding and finalisation of the policies for implementation.
• Provide one year of telephone support from an Information Security Policy specialist to answer any questions or issues you may have regarding the implementation of the policies.

What will I receive?

• A complete set of customised DPA Policies and recommended procedures. To see a sample of the policies template, please contact the Risk Factory Foreman.
• A certificate of validation for evidence of compliance.
• A half-day workshop to ensure stakeholder understanding and “buy-in”.
• One year of on-call advice and assistance with policy questions.

Is there anything I need to do in advance?

You’ll need to speak with our policy specialist so we can understand your current policy goals and objectives and schedule a workshop and then ensure that the appropriate business stakeholders are available to attend the workshop. If you have any questions, don’t hesitate to contact our Factory Foreman.