Skip to main content

Data Mapping for Security and Privacy | Improve Decision Making

Data – It’s Much More than Just Consumer Data

But it’s not only consumer data for which organizations need to be concerned about, it’s also internal employee data, highly sensitive IP driven data – perhaps even federal data (if you’re a contractor providing services to the U.S. government). In reality, it’s about ensuring the safety and security of any type of data resident in your environment.

The safety and security of data (all types and all formats) is now more important than ever, thanks in large part to growing data privacy and cybersecurity regulations that are impacting organizations all throughout the globe. The General Data Protection Regulation (GDPR), along with the California Consumer Privacy Act (CCPA), are just the beginning of what’s sure to be a global onslaught of data privacy laws and regulations headed to every organization’s doorstep.

Doing a Deep Dive on Data – A Proven Methodology

With Centris, our data mapping assessments take a deep dive into all things data – specifically – how your organization collects, uses, shares & discloses, stores, protects, retains, and disposes of data. Centris’ data mapping assessments consist of the following phases:
 

Phase I: Analysis & Scoping

Measures to undertake include having a solid understanding of why such an assessment is being undertaken, what departments, systems, and personnel are considered in scope, and more. Additional factors to consider for this initial phase:

  • Identifying data groups (i.e., consumer data, federal data, internal employee data, corporate IP, etc.) and the relevant data types associated with each group.
  • Beginning to conceptualize and understand the data flows for the data groups – specifically - how data is collected, used, shared & disclosed, stored, protected, retained, and disposed of.
  • Assigning key roles, responsibilities, high-level deliverables, and overall expectation with both Centris consultants and your internal employees.
  • Assessing information security/cybersecurity controls, along with third-party entities deemed in scope.
  • Assessing regulatory compliance requirements (i.e., GDPR, CCPA, PIPEDA, federal agency compliance, etc.).
 

Phase II: Information Flow

Measures to undertake include conceptualizing, confirming - and then documenting – the information flow of all data groups and associated data types throughout the organization. When documenting the information flow, it’s critical to touch on the following elements: data items, format of data, location of data, access to data, and more. Additional factors to consider for this phase include the following:

  • Collection – Where is data being collected from, in what manner, from what external entities, transmission protocols, etc?
  • Used – What is the overall use and lawful purpose of the data being collected?
  • Shared & Disclosed – Who is data being shared with – both internally and externally (i.e., third-parties), the specific data sets being shared, the rationale why?
  • Storage and Protection – For data resident in an organization's information systems, how is it being stored and protected (i.e., encryption, etc.)?
  • Retention – What established data retention periods are in place and the rationale for it?
  • Disposal – How is data disposed of when no longer needed?

CENTRIS

Leaders in Security & Regulatory Compliance

Risk Strategies & Methodologies
Risk management planning reduces exposure to a wide-range of issues that could have detrimental effects on a business. Not knowing, planning, or responding to risks and related issues can leave an organization with few options in combating risks when they actually surface.
Strategic Planning & Integration
Every organization is moving towards a digitized business model, so isn’t it time to strategize on some of the most critically important elements for your business?
Regulatory Compliance Experts
Build scalable, adaptable, and efficient compliance solutions for increased organizational efficiency, while also improving core InfoSec, cybersecurity, operational and data privacy controls and best practices.

Data mapping services to secure & manage your data complete lifecycle


The safety and security of data (all types and all formats) is now more important than ever, thanks in large part to growing data privacy and cybersecurity regulations that are impacting organizations all throughout the globe. The General Data Protection Regulation (GDPR), along with the California Consumer Privacy Act (CCPA), are just the beginning of what’s sure to be a global onslaught of data privacy laws and regulations headed to every organization’s doorstep.
 

Phase III: Reporting

With Centris, our data mapping reports provide organizations with a wealth of information for making informed decisions on how to best manage their data. Key sections included within our report include the following:

  • Initial findings for all in-scope data groups and data sets.
  • Recommendations and requirements to be implemented for the entire data flow lifecycle.
  • Formalized action plan, complete with milestones and deliverables necessary for successful data management.
 

Phase IV: Remediation

With Centris, we can assist in remediation by offering expert guidance, tools, and other support for creating sound controls for how your data is being collected, used, shared & disclosed, stored, protected, retained, and disposed of. In terms of remediation, we can fully assist with the following:

  • Properly classifying data into correct categories.
  • Developing information and data flow diagrams.
  • Developing data privacy program policies and procedures.
  • Assistance with implementing various security tools & solutions.

With Centris, we offer a wide range of data privacy, cybersecurity, and regulatory compliance solutions and services, including assessments & programsdata governancedata mappingPIADPIAGDPR assessments, CCPA/CPRA assessments, international international privacy assessments, U.S. state privacy assessments, EU Cloud Code of Conduct, Microsoft SSPA/DPR, along with data privacy programs.

"Leaders use data mapping techniques to improve data-driven decision making."
- Gartner

Why Centris For Data Mapping?

  • Proven methodology for documenting data lifecycles.
  • Experts at remediating control gaps and documentation deficiencies.
  • Experience in working with all industries and sectors for data mapping.

Additional Related Services


    Protect Your Digital Systems & Ensure Compliance at All Levels

    From robust security and compliance solutions to risk analysis and corporate strategy - partner with CENTRIS for enterprise resilience.