The i-SIGMA Compliance Monitoring Service Has Arrived
The eagerly awaited i-SIGMA Compliance Monitoring Service has arrived. Starting immediately, many service providers will use it, and soon clients around the world will begin seeing promotions encouraging them to use it too. And, if the underlying assumptions behind its creation are correct, they will eventually come to rely on it as a vital demonstration of their own regulatory compliance.
Why Did i-SIGMA Create This Service?
All data protection regulations require clients to demonstrate initial and ongoing due diligence when selecting third-party service providers to process personal information. The key word there is “demonstrate.” In fact, when a large investment firm was recently fined after its discarded electronics exposed personal information about its clients, the judgment was based on the fact that they failed to employ “adequate due diligence in selecting a vendor and monitoring its performance.” This new, free service from i-SIGMA helps organizations fulfill that regulatory obligation by sending out comprehensive compliance reports detailing the qualifications of vendors offering records storage, imaging, scanning, secure shredding, and electronic media recycling.
Of course, the challenge for clients (such as the investment firm) in complying with such regulations is that 1) they rarely have the bandwidth to perform such due diligence and 2) even if they did have the bandwidth, they can hardly be expected to know what to look at. Enter i-SIGMA certification programs, which are designed not only to review the relevant regulatory and security overlap, but to do so on an ongoing basis.
By obtaining the automatic reports issued by the i-SIGMA Compliance Monitoring Service, the client has evidence with which they can demonstrate both the initial and the ongoing compliance of their service provider. In short, the client gets the tangible benefit of being able to demonstrate that they have met their own vendor-selection compliance requirements.
“We began the service when customers requested that we email them alerts when their service provider renewed or lapsed,” says i-SIGMA CEO Bob Johnson.
“Now, we’ve taken that concept a step further. The service is based on the fact that many data controllers are required to demonstrate initial and ongoing due diligence when they use data-related service providers,” Johnson continues. “And, because NAID AAA and PRISM Privacy+ Certifications address the relevant security vulnerabilities and regulatory overlap, the information verified during audits mirrors what that due diligence should look like.”
“Essentially,” Johnson added, “they’re supposed to do it, but often don’t know what to look at or don’t take the time, so we can do it for them even better than they can.”
Clearly, any client will see the value of obtaining this free report, and once they are aware it is available will come to insist on it.
Users of the service will first be brought to a welcome screen, and next will be able to choose the provider they wish to monitor (as shown below). If the user does not have a provider in mind, they can also find a local service provider.
Once the user has selected their service provider, all they have to do is enter their email address (stored anonymously). The report will show up in the user’s inbox within minutes. Future reports will be sent annually as each company renews its certification and whenever it makes changes in its services which may impact the details of its certification on file.
i-SIGMA is very excited to announce and roll out this eagerly awaited program. For information on certification programs, contact: [email protected]. For technical assistance regarding this tool, please contact: [email protected].