Convergent Risks: A Holistic Approach to Privacy and Data Protection Compliance

Follow Convergent Risks on :

Chris Johnson, President & CEO
Once you’re compliant, you’re done.

This is a questionable interpretation of compliance in the world that businesses operate in today. With ever-changing sources of data, organisations often miss out on maintaining ongoing compliance and overlook an organic component of their daily processes— security. According to Chris Johnson, CEO and President, Convergent Risks, ensuring adequate security controls exist for internal workflows and third-party vendors should be considered a priority in order to prevent privacy breaches as vulnerabilities within process and supply chains can pose a significant risk to the protection of the confidentiality of personal information from improper usage and sharing. Whilst organisations and their vendors usually have adequate policies and procedures in place, they often neglect or fall short in the implementation of appropriate physical, digital, and logical security measures to protect their personal data, leaving organisations vulnerable to breaches, which can prove costly in terms of financial and reputational risk. Against this backdrop, what organisations require is an ongoing commitment to compliance and efficient management of internal and third-party workflows.

“Compliance will continue to be a process that evolves over time and requires an ongoing commitment” begins Stephanie Iyayi, Sr. VP, Business and Legal Affairs, Convergent Risks—a specialist consultancy focused on security, risk and compliance services. “We are only now beginning to see how enforcement will work, meaning that compliance will continue to be a process that evolves over time and will require an ongoing commitment to actively adjust to the terms of the law as necessary. Change can be frightening, but it can also highlight places where your own data handling practices have been lacking and help bring you in line with today’s requirements on both a legal and technical front.” However, it is easy to underestimate the commitment needed and the complexity of maintaining PII, Privacy and GDPR compliance. Often, companies struggle with the technical and organisational measures for achieving compliance and lack the understanding to implement security throughout their vendor supply chain and multiple workflows. This is precisely what Convergent intends to change.

A global multidisciplinary team of qualified subject matter experts, including international privacy lawyers, cloud and application security consultants, qualified auditors and seasoned risk and cybersecurity professionals, Convergent is trusted by some of the world’s largest organisations to handle their most sensitive content and data protection issues and cover all aspects of PII, Privacy and GDPR best practice compliance. The team draws on its extensive experience in developing and managing secure information asset workflows from both an enterprise and a third-party perspective to empower clients with privacy and cybersecurity best-practice solutions. The company helps clients operationalise their day-to-day data protection activities, securely migrate data from on-prem to on cloud, prepare for, and respond to the emerging reality of personal data breaches and efficiently manage its vendor supply chain, saving on time and budget.

Convergent offers the proper mix of guidance, support, and oversight to ensure privacy compliance when processing is conducted outside of the organisation through the implementation of its Privacy Control Framework. Iyayi explains, “The controls provide a structure for managing and processing personal data as well as securing the physical and logical environments where such assets are stored, accessed or processed. This helps to build a greater internal understanding of the information being shared and the risk exposure, enabling organisations to prioritise further compliance efforts.” “In some cases, we have implemented an ongoing programme of compliance for personal data and combined it with existing information security compliance as a number of controls tend to be common,” Johnson adds.
Stephanie Iyayi, Senior Vice President, Business and Legal Affairs
An assessment against Convergent’s Privacy Control Framework includes analysis of a detailed vendor questionnaire mapped to the framework and review of contracts, policies, and other relevant documentation. Where relevant, Convergent also carry out a site visit to validate responses provided and conduct interviews with third-party personnel. The end product being a user-friendly report documenting the findings and any correction plans. Johnson explains, “The amount of time and resources required for a vendor audit depends in large part on the risks that a third-party may pose within the organisation. Entrusting this process to a specialist such as Convergent can provide both peace of mind as well as cost and operational efficiencies.”


Compliance will continue to be a process that evolves over time and requires an ongoing commitment


He continues to emphasise that while privacy incidents continue to make headline news and result in substantial fines and reputational damage, organisations must adopt appropriate preventative physical and logical security measures, besides compliant policies. Companies should regularly test policies, processes, and systems against real-life threat scenarios. “By complying with a robust privacy control framework, our clients can clearly demonstrate that it takes data privacy seriously and is managing it within industry best practice. Carrying out such an exercise provides a practical and relatively inexpensive way to identify and manage risks to personal data, whilst supporting regulatory compliance with data protection legislation, enhancing customer loyalty and protecting your reputation,” informs Johnson.

Given the robust features and methodologies, Convergent’s Privacy Control Framework is already creating ripples in the market. Iyayi illustrates, “Backed by Convergent, organisations of any size or structure can utilise the GDPR controller, GDPR processor or CCPA control frameworks as applicable, to demonstrate it meets the requirements of the relevant legislation to stakeholders and customers alike.” Apart from its uniquely experienced global multidisciplinary team, the uniqueness of Convergent also stems from its ability to support clients in related areas such as penetration testing, preparatory security assessments, remediation, secure workflow strategy, and training. “We also make use of appropriate technology as far as possible to streamline our administrative processes, which enables us to pass on cost savings to our clients,” adds Johnson.

Convergent is further enhancing its service with the introduction of its web-based application in the coming months, a compliance tool that enables clients to manage large-scale assessments against relevant privacy and security control frameworks. The app allows users to access helpful guidance and implementation materials and download templates and policies from the platform. To evaluate the security systems, the app will also enable penetration testing and vulnerability scanning, thereby offering a holistic tool toward privacy and cybersecurity compliance.

Company
Convergent Risks

Headquarters
Los Angeles, CA

Management
Chris Johnson, President & CEO and Stephanie Iyayi, Senior Vice President, Business and Legal Affairs

Description
A global multidisciplinary team of qualified subject matter experts, including international privacy lawyers, cloud and application security consultants, qualified auditors and seasoned risk and cybersecurity professionals, Convergent is trusted by some of the world’s largest organisations to handle their most sensitive content and data protection issues. The team draws on its extensive experience in developing and managing secure information asset workflows from both an enterprise and a third-party perspective to empower clients with privacy and cybersecurity best-practice solutions. Convergent offers the proper mix of guidance, support, and oversight to ensure privacy compliance when processing is conducted outside of the organisation through the implementation of its Privacy Control Framework

Convergent Risks