NAID Members Invited to Comment on Proposed PRISM Privacy+ Certification Specs
October 9, 2019
Although the proposed PRISM Privacy+ Certification applies to records management services, NAID members are invited to comment on the revised approach and new specifications.
Under the proposed structure, PRISM Privacy+ Certification would no longer require SSAE 18 or SOC 2, instead offering the less expensive option to obtain the operational credential by meeting defined regulatory and security criteria modeled after NAID AAA Certification.
According to PRISM International’s SME Gail Bisbee, the new specifications are more closely tied to the regulatory compliance clients need to verify.
“As data protection regulations heap more liability on data controllers,” said Bisbee, “they come to rely on certifications to meet their due diligence requirements. It’s a trend that will continue and it bodes well for PRISM Privacy+ to emerge as that standard globally.”
Early this year, Bisbee’s point was made clear by the 2019 i-SIGMA Australian Consumer Attitude Survey where 94% of records managers polled said a credible certification would be the most important factor when selecting a records storage service provider.
Comments on the Proposed Privacy+ Certification Specifications will be accepted throughout the month of October. As proposed, the specifications would be verified by i-SIGMA’s global network of contracted security professionals.