3 hours 39 minutes
Welcome to Mulele 2.3, developing a strategy and vision.
In this module
we will discuss developing a strategy,
developing a vision
and gaining approval
when we're developing a privacy strategy.
It's incredibly important to ensure
that business alignment is something that is considered with our strategy.
If our privacy strategy does not align with our business strategy or overall organizational strategy, it's going to be very difficult
to have the roots of your strategy really get in bed embedded within your organization,
Finalize operational business case for privacy.
So if you haven't created a business case for why privacy exists, we'll discuss some of the elements of that throughout this course. However, it's important to make sure that you've proved your case to key stakeholders or shareholders, that privacy needs to be taken seriously throughout your organization,
we identify stakeholders, don't forget those external stakeholders
leverage key functions,
creative process for interacting with the community
and align and adjust the culture as needed
as time goes on.
Culture certainly has to play a role in how you manage your program internally and externally,
we develop your privacy strategy. We have to make sure you obtain funding,
putting a program together not only cost money in individuals but also at times
and other expenses related to ensuring that your program
solid and kemet sure.
Development development statements on collection, authorized use, access and destruction of information is important.
Privacy inquiry, complaint handling is something that also needs to be considered within your strategy and program flexibility due to external factors. Whether the legislative, regulatory market or business requirements that may change
in creating a vision, privacy vision should align with the organizational objectives,
should provide feedback to key stakeholders.
It should be short and succinct a few sentences at most, maybe about 30 seconds to read to audience understands the overall vision of your program.
Keep in mind the strategy is going to be a much more detailed explanation of what your program needs to accomplish. The vision is something that not only internal but also external stakeholders could see
here's an example of a vision statement put out by the stanford University privacy office.
You can see here,
they work to protect the privacy of the university employee patient and other confidential information.
Our office helps to ensure proper use and disclosure of such information, as well as fostering culture that values privacy through awareness. The privacy office provides meaningful advice and guidance on privacy, best practices and expectations for the university community.
Now you don't have to copy verbatim their vision.
You have to make sure it, of course it aligns with your organization, but you can see here that they covered a lot of the items we discussed previously under creating a vision.
It's important to gain executive approval or leadership approval for your strategy and Vision.
The Vision can and should be approved before an actual program is developed.
That is key.
Vision can be amended before the program is running. It's okay to make changes as you find out more throughout creating your program, sea level and border directors should provide written approval of the vision. It's important to have the approval. So people know throughout your organization and externally
you are operating with the authority necessary to create the privacy program within the organization.
Evaluate the objective is a vision attainable. What major obstacles exist is funding required? Does a vision reach all stakeholders?
We talk about funding here in Bullet three. There could be some statements made for some quote unquote promises made within the statement of the vision. That may not necessarily align with the strategy of the program or with the organization. So it's important to make sure we don't overstate
what is included in the vision because it could change
the scope or the budget requirements of putting our program together.
And last does the vision reach all stakeholders. It's important to make sure we're including those external stakeholders. You noticed within the privacy statement provided by the university or stanford University, that they reference patient. So they must have a medical school that is at Stanford University and that that medical school is certainly covered under that privacy vision.
So they did a great job of understanding what functions and all their stakeholders that are required to reach that vision and to include in that vision,
stakeholders and shareholders can come in many different ways to an organization. So it's important to make sure you have an open discussion about all of the stakeholders and shareholders potentially that are required to be part of your privacy program development
before the privacy vision is announced, it should be one written in times new roman to agreed upon by the committee
Or three have executive approval.
Of course, the answer is three have executive approval.
It's important to make sure that you are operating with the authority. You need to
to go out and preach about what your program does and how you can help the organization.
In this module, we discussed developing a privacy strategy and vision. We also discussed the importance of organizational structure and approval for your program
as it relates to the strategy envisions.
MS-500: Microsoft 365 Security Administration
Are you a system administrator who wants to get a certification that is globally recognized ...
7 CEU/CPE Hours Available
Certificate of Completion Offered
Become a CISO
Taught by CISOs for CISOs, this Career Path has developed thousands of executives worldwide. Interact ...