This chart represents our methodology and outlines a proven strategy for creating required privacy documentation and validating the contents with agency stakeholders. Our 3 phased PII methodology applies to systems in development, production or systems affected by significant change. Systems and information are evaluated using existing security program documentation, federal standards and subject-matter-experts.
Privacy information relating to an individual with one Tier 1 or two or more Tier 2 unique identifiers is PII. Systems that process, store, retrieve and transmit PII must have Management, Operational and Technical controls evaluated and documented.Privacy documentation cannot be evaluated or developed in a vacuum. Our consulting professionals apply this methodology and templates to produce:
- Privacy Threshold Analysis (PTA)
- Privacy Impact Assessments (PIA)
- System of Record Notices (SORN)