New Certification Specs – Official Comment Period Open

June 9, 2021

The NAID AAA Rules Committee and the PRISM Privacy+ Committee have both approved new specifications that will require certified firms to designate a Data Protection Officer (DPO) and an i-SIGMA Certification Compliance Officer (ICCO). The designation of a DPO is an increasingly common regulatory requirement. The ICCO is already an administrative requirement within i-SIGMA’s certifications, which the respective committees believe should be an official specification. The DPO and ICCO could be the same individual. On the other hand, while the DPO could be outsourced, an ICCO could not.

Once the specifications are finally approved and made effective, i-SIGMA will provide guidance and resources to members to help them understand the implications and obligations of assigning a DPO and ICCO.

At this time, i-SIGMA welcomes member comment on the specifications listed. Members may return any feedback using the provided survey in the Members Only Portal, My Digital Library. The Open Comment period runs through 15 July 2021.

At the conclusion of the comment period, the i-SIGMA Certification Rules Committee will issue a report to the board, responding to comments received along with any recommendations that result.