Home
Domains
Privacy
Information Security
Awareness
Compliance audit
Customer Stories
Inspire
Blogs
Whitepaper
About us
About Audittrailgroup
Partners
FAQ
NL
Contact
Home
Domains
Privacy
Information Security
Awareness
Compliance audit
Customer Stories
Inspire
Blogs
Whitepaper
About us
About Audittrailgroup
Partners
FAQ
NL
Contact

Educational institution on the road to compliance

Healthcare institution improves quality: focus on privacy and information security | Audittrailgroup

Organization

A large regional institution for higher education was highly aware of their responsibility for proper processing of personal data from all students and employees. Changes in ICT-facilities were an important impulse for the desire to improve on information security and raise awareness.

Audittrail was requested to perform a baseline status assessment in 2017 for both privacy and InfoSec to prepare for the impact of the GDPR legislation that was coming. The results from this assessment were used to gain insight in the risks involved and make recommendations on the necessary improvements to become GDPR secure and compliant. As a result, starting 2018 an Audittrail DPO was appointed. Simultaneously, Audittrail took on the role as project leader for the Taskforce IBP (InfoSec and Privacy), and to set up and execute a long-term awareness strategy.

  • Baseline status assessment privacy and information security.
  • DPO
  • Taskforce IBP and awareness campaign
  • E-Learning
  • DPO continued

Challenge

The organization had already done a lot in terms of InfoSec and Privacy compliance. In order to assure structural improvement, they asked Audittrail to deliver a project leader for an internal Taskforce. Our project leader, together with expert consultants, gave advice on reorganizing the internal governance for privacy and security compliance. Moreover, the Taskforce aimed to lift the organization to the next level of compliance.

In addition to mapping out a new governance organization, Audittrail was asked to plan and implement an awareness campaign. The general awareness campaign was expanded with social engineering (Mystery calling and phishing test), as well as a lecture by a well-known security-journalist. At a later stage we launched an e-Learning platform, specifically designed for Privacy and Security.

Healthcare institution improves quality: focus on privacy and information security | Audittrailgroup

Solution

We delivered multiple documents at the end of the project. Firstly, a Security action plan for 2019-2020 was delivered. This included an extensive plan for an organization-encompassing audit cycle divided into multiple sprints.

For Privacy we delivered an overview of the different types of (sensitive) personal data that different departments processed. This insight was an important part of the register of data processing activities the organization aimed to maintain. In line with our philosophy to transfer knowledge and leave an organization fit to manage compliance independently, the organization was able to stay in control of privacy and security even after we completed the program.

Results

  • Clear audit plan for security
  • Increased awareness among employees
  • Structural awareness maintenance through e-learning
  • Basic privacy documentation in order
  • Organization fit to update documentation independently
  • GDPR-compliant through Audittrail DPO.
Back to overview
Edit page Dashboard Settings Website Design Page cached on Sat. 21 Dec 11:52
Renew cache
Cookies
We use cookies on our website to keep the user experience optimal. Privacy policy
Functional only
Accept all
Cookie instellingen
Privacy policy
Voorkeuren opslaan