To protect privacy of personal information from unauthorized use, disclosure, modification or misuse, DSCI conceptualized its approach towards privacy in the DSCI Privacy Framework (DPF©) which is based on the global privacy best practices and frameworks. The framework was released in December, 2010. To assess the privacy implementation in an organization, DSCI Assessment Framework for Privacy (DAF-P)© was released in December, 2012. It consists of two parts, with each focusing on distinct aspects of privacy implementation – one focuses on Assessment of Organizational Competence in Privacy based on practice areas defined in DPF© while the other - Privacy Principles based Assessment, focuses on implementation of global privacy principles. The first part is based on the nine practice areas listed under DPF© and the assessment questionnaire is thus designed to help organizations assess and mature their privacy program. The second part is intended to help organizations assess and improve maturity in the implementation of global privacy principles across all the organizational processes that deal with personal information and in the process optimize their efforts while implementing privacy principles across global operations. DSCI has designed a training program for potential assessors to assess implementation of privacy in organizations that meets the requirements laid down in DPF©.

To equip the potential assessors with necessary knowledge and tools to assess an organization privacy implementations in accordance with DSCI Assessment Framework for Privacy (DAF-P)©and DSCI Privacy Framework (DPF©). The training program intends to explain the intent behind each of the practices defined under the nine practice areas of (DPF©), to help the assessors understand, analyze, investigate and appreciate the various aspects of privacy implementation within organizations. The training program aims to provide a common platform for potential assessors from different organizations to have a common understanding and expectations for privacy implementations. The program will also help organizations desirous of DSCI certification; better understand the expectation of privacy implementation, and requirements for DSCI certification.

Training Content

Visibility over Personal Information (VPI)

This module will help participants evaluate the organization’s visibility and understanding over handling of personal information during its complete lifecycle from collection to deletion including types of personal information handled, organizational processes / functions / relationships involved, ownership, access channels and patterns, technical & physical environment, among others.

Privacy Organization and Relationship (POR)

This module will help participants evaluate the adequacy of the privacy function established by the organization to design, implement and monitor privacy program and successfully meet the privacy obligations. The assessment includes evaluation of the organizational structure of the privacy function, governance mechanisms, responsibilities and tasks, coordination and collaboration with other organizational function, among others.

Privacy Policy and Processes (PPP)

This module will help participants evaluate the privacy policy and processes established by the organization to provide direction and consistency in implementation of privacy initiatives. The assessment includes evaluation of the privacy objectives, process followed for designing privacy policy, policy contents, privacy processes established for deploying policy, communicating policy to relevant stakeholders, monitoring of policy implementation & enforcement and policy review mechanism for identifying and improving deficiencies.

Regulatory Compliance Intelligence (RCI)

This module will help participants evaluate organization’s capability to track applicable privacy legislations and determine their applicability through appropriate interpretation of regulatory requirements, thereby ensuring alignment of organization’s privacy initiatives to the evolving regulatory landscape. The assessment also includes evaluation of organizational efforts for employee awareness vis-à-vis their responsibilities and the liabilities of non-compliances and the management of compliance related knowledge.

Privacy Contract Management (PCM)

This module will help participants assess organization’s competence in managing privacy risks when sharing personal information with third parties (for data controllers) OR when receiving personal information from client organizations (for data processors). The assessment includes evaluation of organizational processes for establishing visibility over organization’s external or client relationships, understanding and incorporating adequate privacy protection related clauses in the contracts signed with third parties or clients, identification of contractual liabilities and obligations, ensuring compliance with regulatory requirements, understanding impact of non-compliances, demonstrating compliance to contractual requirements, among others.

Privacy Monitoring and Incident Management

(MIM)This module will help participants evaluate privacy monitoring and incident management capabilities of an organization to detect, contain and communicate privacy breaches or incidents and includes assessment of designing, contents and execution of privacy monitoring and incident management plan, with a focus on evaluating coordination and collaboration mechanisms established to respond to a privacy breach / incident.

Information Usage and Access (IUA)

This module will help participants evaluate policy, processes, set of rules and technical controls deployed by the organization for limiting personal information collection, access and usage, thereby ensuring lawful and fair handling of personal information.

Privacy Awareness and Training (PAT)

his module will help participants evaluate the organizational efforts in creating privacy awareness and training within and outside (external relationships) the organization in order to inculcate a strong privacy culture. The assessment includes evaluation of designing of awareness & training programs, contents of the programs, channels & platforms to deliver the contents, mechanisms to measure effectiveness of such programs, among others.

Personal Information Security (PIS)

This module will help participants evaluate how an organization's information security initiatives address security risks specifically to personal information. The assessment includes evaluation of organization’s security initiatives such as data classification techniques, data leakage scenario based planning, security controls & practices for protecting personal information, data centric IT architecture, integration of privacy in IT/ security initiatives (e.g. privacy enhancing technologies), among others. The assessment also covers organizational efforts for managing privacy implications emerging from use of security technologies.

Nine Practice Areas of DPF©


  • Assessors from DSCI partner and / or accredited assessing organizations that have been authorized by DSCI to conduct third party assessments of organizations desiring DSCI certification.
  • Personnel nominated by organizations who would like to get DSCI certified or conduct self-assessments based on DSCI Self-Assessment Program
  • Freelancers / independent consultants interested in assisting organizations conduct self-assessment or provide consulting services for privacy implementation


3 Days Program (Classroom Training + Examination)



  • DSCI Certified Privacy Lead Assessor’ Certificate post successful completion of training
  • Access to necessary knowledge and tools for conducting privacy assessments and / or implementing Privacy
  • Soft copies of DSCI Privacy Framework and DSCI Assessment Framework for Privacy
  • Better understanding of expectation of privacy implementation, and requirements for DSCI certification (for organizations desirous of DSCI certification for privacy)
  • Authorization for conducting self-assessments as per DSCI Self-Assessment Program
  • Access to DSCI experts and peers for resolution of privacy assessment or implementation related queries


Standard Fee Per Participant- INR 28,000 Plus 18% GST(as applicable)


  • No individual discount on Standard fee
  • Group discount – 10% on 20 or more than 20 candidates from same organization.
  • The fee to be paid in advance once batch is announced. Without advance fee candidates will not be registered for the training batch.
  • Training would be of 3 days, At the end of the 3rd day, there would be an examination, on the basis of which participants will be awarded ‘DCPLA certificate.

Upcoming Training

Location: Hotel IBIS, Hyderabad

Date: 12th to 14th June 2019

For further information please contact

Akshat Vatsayan
Email: akshat[dot]vatsayan[at]dsci[dot]in
Tel: 0120 4990265

Register your interest

DCPLA - Show Your Interest