DSCI Certified Privacy Lead Assessor (DCPLA©) - Training and Certification Program

DSCI Certified Privacy Lead Assessor - Training and Certification Program (DCPLA©) To protect privacy of personal information from unauthorized use, disclosure, modification or misuse, DSCI conceptualized its approach towards privacy in the DSCI Privacy Framework (DPF©)

Objectives

To protect privacy of personal information from unauthorized use, disclosure, modification or misuse, DSCI conceptualized its approach towards privacy in the DSCI Privacy Framework (DPF©) which is based on the global privacy best practices and frameworks. The framework was released in December, 2010. To assess the privacy implementation in an organization, DSCI Assessment Framework for Privacy (DAF-P)© was released in December, 2012. It consists of two parts, with each focusing on distinct aspects of privacy implementation – one focuses on Assessment of Organizational Competence in Privacy based on practice areas defined in DPF© while the other - Privacy Principles based Assessment, focuses on implementation of global privacy principles. The first part is based on the nine practice areas listed under DPF© and the assessment questionnaire is thus designed to help organizations assess and mature their privacy program. The second part is intended to help organizations assess and improve maturity in the implementation of global privacy principles across all the organizational processes that deal with personal information and in the process optimize their efforts while implementing privacy principles across global operations. DSCI has designed a training program for potential assessors to assess implementation of privacy in organizations that meets the requirements laid down in DPF©.

To equip the potential assessors with necessary knowledge and tools to assess an organization privacy implementations in accordance with DSCI Assessment Framework for Privacy (DAF-P)©and DSCI Privacy Framework (DPF©). The training program intends to explain the intent behind each of the practices defined under the nine practice areas of (DPF©), to help the assessors understand, analyze, investigate and appreciate the various aspects of privacy implementation within organizations. The training program aims to provide a common platform for potential assessors from different organizations to have a common understanding and expectations for privacy implementations. The program will also help organizations desirous of DSCI certification; better understand the expectation of privacy implementation, and requirements for DSCI certification.

Please write to assessment@dsci.in for any query

Training Content

The training will be organized in the following main nine modules based on nine areas of DPF© supported by case studies:

  • Visibility over Personal Information (VPI)

    This module will help participants evaluate the organization’s visibility and understanding over handling of personal information during its complete lifecycle from collection to deletion including types of personal information handled, organizational processes / functions / relationships involved, ownership, access channels and patterns, technical & physical environment, among others.

  • Privacy Organization and Relationship (POR)

    This module will help participants evaluate the adequacy of the privacy function established by the organization to design, implement and monitor privacy program and successfully meet the privacy obligations. The assessment includes evaluation of the organizational structure of the privacy function, governance mechanisms, responsibilities and tasks, coordination and collaboration with other organizational function, among others.

  • Privacy Policy and Processes (PPP)

    This module will help participants evaluate the privacy policy and processes established by the organization to provide direction and consistency in implementation of privacy initiatives. The assessment includes evaluation of the privacy objectives, process followed for designing privacy policy, policy contents, privacy processes established for deploying policy, communicating policy to relevant stakeholders, monitoring of policy implementation & enforcement and policy review mechanism for identifying and improving deficiencies.

  • Regulatory Compliance Intelligence (RCI)

    This module will help participants evaluate organization’s capability to track applicable privacy legislations and determine their applicability through appropriate interpretation of regulatory requirements, thereby ensuring alignment of organization’s privacy initiatives to the evolving regulatory landscape. The assessment also includes evaluation of organizational efforts for employee awareness vis-à-vis their responsibilities and the liabilities of non-compliances and the management of compliance related knowledge.

  • Privacy Contract Management (PCM)

    This module will help participants assess organization’s competence in managing privacy risks when sharing personal information with third parties (for data controllers) OR when receiving personal information from client organizations (for data processors). The assessment includes evaluation of organizational processes for establishing visibility over organization’s external or client relationships, understanding and incorporating adequate privacy protection related clauses in the contracts signed with third parties or clients, identification of contractual liabilities and obligations, ensuring compliance with regulatory requirements, understanding impact of non-compliances, demonstrating compliance to contractual requirements, among others.

  • Privacy Monitoring and Incident Management (MIM)

    This module will help participants evaluate privacy monitoring and incident management capabilities of an organization to detect, contain and communicate privacy breaches or incidents and includes assessment of designing, contents and execution of privacy monitoring and incident management plan, with a focus on evaluating coordination and collaboration mechanisms established to respond to a privacy breach / incident.

  • Information Usage and Access (IUA)

    This module will help participants evaluate policy, processes, set of rules and technical controls deployed by the organization for limiting personal information collection, access and usage, thereby ensuring lawful and fair handling of personal information.

  • Privacy Awareness and Training (PAT)

    This module will help participants evaluate the organizational efforts in creating privacy awareness and training within and outside (external relationships) the organization in order to inculcate a strong privacy culture. The assessment includes evaluation of designing of awareness & training programs, contents of the programs, channels & platforms to deliver the contents, mechanisms to measure effectiveness of such programs, among others.

  • Personal Information Security (PIS)

    This module will help participants evaluate how an organization's information security initiatives address security risks specifically to personal information. The assessment includes evaluation of organization’s security initiatives such as data classification techniques, data leakage scenario based planning, security controls & practices for protecting personal information, data centric IT architecture, integration of privacy in IT/ security initiatives (e.g. privacy enhancing technologies), among others. The assessment also covers organizational efforts for managing privacy implications emerging from use of security technologies.

Who Should Attend?
  • Assessors from DSCI partner and / or accredited assessing organizations that have been authorized by DSCI to conduct third party assessments of organizations desiring DSCI certification.
  • Personnel nominated by organizations who would like to get DSCI certified or conduct self-assessments based on DSCI Self-Assessment Program
  • Freelancers / independent consultants interested in assisting organizations conduct self-assessment or provide consulting services for privacy implementation
  • Participating
    Organisation

FEE
DSCI Certified privacy Lead Assessor (Per Individual) 
DSCI Corporate Members26,000 + Taxes
Others30,000 + Taxes

Duration

3 days. At the end of the 3rd day, there would be an examination, on the basis of which participants will be awarded ‘DSCI Certified Privacy Lead Assessor’ certificate.

Benefits

Benefits

  • DSCI Certified Privacy Lead Assessor’ Certificate post successful completion of training
  • Access to necessary knowledge and tools for conducting privacy assessments and / or implementing Privacy
  • Soft copies of DSCI Privacy Framework and DSCI Assessment Framework for Privacy
  • Better understanding of expectation of privacy implementation, and requirements for DSCI certification (for organizations desirous of DSCI certification for privacy)
  • Authorization for conducting self-assessments as per DSCI Self-Assessment Program
  • Access to DSCI experts and peers for resolution of privacy assessment or implementation related queries

Please write to assessment@dsci.in for any query

Testimonials
  • An excellent course, the first of its kind in the country. Covers the whole ambit of the Indian Data Privacy Rules, and a comparison with the global Privacy landscape. A must have certification for the Privacy professionals.

    Arun Kumar Anand Vice President & CISO, NIIT Technologies Limited
  • I have known DSCI since its inception. I am extremely happy to see their consistent endeavor to make a difference in data security and privacy with initiatives happening within the industry in a big way.

    Seema Bangera CISO, Serco Global Services
  • Extremely helpful initiative. DSCI being the first in India to clarify Privacy aspects & improve industry understanding as privacy & its road map.

    Anindya ChatterjeeDeputy Manager, Vodafone
  • A good initiative by DSCI to strengthen India with respect to privacy right & enforcement.

    Vishnu KesarwaniInformation Security & Compliance, iGate Global Solutions Ltd.
  • A great initiative ‘must for the nation & industries/organizations now. It is high time we addressed privacy concerned by a structured framework & this is a step in the right direction.

    Vivek KaushikGCP Consultant, TCS
  • Wonderful training program. It gives a 360 degree view on privacy framework.

    Sridhar G.IMRC, Wipro
  • This training is a mint for all the execution who in any way deal with PI. There can be no other place in India other than DSCI to get the best out of privacy of related info.

    Joshi JosephSr. Info Risk Manager-IRM, ING Vyasa Bank
  • This was a very good & informative program. It built an awareness of what was happening in industry.

    Megha MadnaniAVP- Data Privacy, Genpact
Write Us

Write to Us

Image CAPTCHA
Enter the characters shown in the image.