Comment Period Open for Proposed PRISM Privacy+ Certification Changes
October 2, 2019
i-SIGMA is officially requesting member comments on the proposed changes to the Privacy+ Certification program that are intended to make it both more accessible and more relevant. Under the proposed structure, Privacy+ Certification would no longer require SSAE 18 or SOC 2, instead offering the less expensive option to obtain the operational credential by meeting defined regulatory and security criteria.
According to PRISM International’s Subject Matter Expert Gail Bisbee, the new specifications are more closely tied to the regulatory compliance clients need to verify.
“As data protection regulations heap more liability on data controllers,” said Bisbee, “they come to rely on certifications to strengthen their due diligence requirements. It’s a trend that will continue and it bodes well for Privacy+ to emerge as that standard globally.”
Early this year, Bisbee’s point was made clear by the 2019 i-SIGMA Australian Consumer Attitude Survey, in which 94% of records managers polled said a credible certification would be the most important factor when selecting a records storage service provider.
Comments on the Proposed Privacy+ Certification Specifications will be accepted throughout the month of October. As proposed, the specifications would be verified by i-SIGMA’s global network of contracted security professionals.