Assess Current Business Policy

• Use a combination of manual reviews, sampling, and scorecard metrics to assess your current design controls and related information-handling practices
• Conduct company interviews, on-site visits (where required), and data discovery to identify data collection and residency issues
• Evaluate whether a privacy or security control exists, and whether the privacy activities or controls have been properly designed
• Compare your solution architecture, related information-handling practices, and operational processes against control activities

Prepare PbD Guidelines

• Identifies any deficiencies or gaps in information system design, policies, and practices and provide remediation steps to incorporate PbD principles
• Steps to be followed for compliance requirements with all relevant policies, practices, laws, codes, and contracts
• Provides detailed observations and recommendations to management for closing identified privacy gaps

Privacy Review Note

• Verifies if the privacy gaps were identified and closed before project 'go live'