DSCI Assessment Framework - Privacy (DAF-P)

To assess the privacy implementation in an organization, DSCI Assessment Framework for Privacy (DAF-P)© was released in December, 2012. It consists of two parts, with each focusing on distinct aspects of privacy implementation – one focuses on Assessment of Organizational Competence in Privacy based on practice areas defined in DPF© while the other – Privacy Principles based Assessment, focuses on implementation of global privacy principles. The first part is based on the nine practice areas listed under DPF© and the assessment questionnaire is thus designed to help organizations assess and mature their privacy program. The questionnaire is based on the practices defined in DPF©, with suggestive guidance parameters to aid the assessors when conducting assessments. The assessment could be conducted in either modes: Self-Assessment or External Assessment. The external assessment through DSCI empanelled auditors could help organizations attain DSCI Certification.

The second part is intended to help organizations assess and improve maturity in the implementation of global privacy principles across all the organizational processes that deal with personal information and in the process optimize their efforts while implementing privacy principles across global operations. To address the specific needs of the organizations having operations in India, this part of the (DAF-P)© also contains an assessment questionnaire that has been designed to help assess compliance against the privacy principles prescribed under section 43A of the IT (Amendment) Act, 2008. This part of the (DAF-P)© is intended for self-assessment only and, for now, will not entitle to any sort of DSCI Privacy Certification/Seal.