Policy Review and Development

The starting point of your privacy and security framework is a strong program and project management plan. Kuma deploys a selection of proposals to ensure all necessary components of your plan is soundly in place.

Policy and Program Review and Development

Kuma will conduct an assessment of current practices and priorities of key stakeholders and identifying gaps and areas for improvement or new priorities.  This will support the development of a privacy strategy, mission and vision for a privacy office.  The strategy will incorporate the scope and breadth of the privacy office, which will inform organizational resource allocation and asset support. Identification of key executive sponsors and office or department champions with accountability toward privacy will flow from this strategy.  Job descriptions and duties (chief privacy officer, privacy manager, compliance analysts, data stewards, etc.) will be developed as resource allocation is determined based on organizational support and budget capacity and specification.

Kuma deliverables to support the development of the Privacy Program may consist of a written assessment of findings and results of current privacy practices within specific business units. The assessment may encompass evaluation of the business unit’s strengths, weaknesses, opportunities and threats (SWOT) for privacy policies and practices within the greater South Carolina government (not limited to a specific agency).  Kuma will provide a written report of recommendations to evolve the organizational Privacy Program or a develop a Privacy Program across multiple, similarly structured business units.

The report will include several aspects to the Privacy Program including the governance structure, policies and practices, staffing approach, ways to manage legal regulations and contractual obligations, training and awareness program recommendations, incident response plans, and proposed performance management of a privacy program. Augmented consulting deliverables may include a Communications Plan and a Strategic Implementation Plan.

The Communications Plan can provide a comprehensive communication strategy for organizational leadership to use in socializing the development and implementation of a Privacy Program with agencies and workforce members.  This plan may also contain content recommendations for communicating the new office with the residents and public. The Implementation Plan will delineate steps to develop and implement a Privacy Program consistently across the business units within the organizational structure.  The plan will include milestones, a timeline, recommended resource allocation, including personnel and projected budget.

Policy Review and Development

Kuma will update the existing information security and privacy policies as needed to align with industry best-practices (i.e., NIST, ISO).  Kuma will augment the existing policies and procedures with additional policies as needed to deliver a comprehensive catalog of best-in-breed information security and privacy practices.