Data Protection (Privacy) & Secure Engineering

While the European Union General Data Protection Regulation (EU GDPR) continues to make headlines for its requirements and the looming California Consumer Protection Act (CCPA) approaches, there are many other reasons to have program-level documentation to demonstrate how cybersecurity and privacy principles are designed and implemented by default. It goes beyond compliance and is just good business practice. 

Can You Honestly Answer HOW Privacy or Security Are Implemented At Your Organization?

When you "peel back the onion" and prepare for an audit, there is a need to address "the how" for certain topics, such as how Security by Design (SbD) and Privacy by Design (PbD) principles are managed. While policies and standards are designed to describe WHY something is required and WHAT needs to be done, many companies fail to create documentation to address HOW the policies and standards are actually implemented. We did the heavy lifting and created a program-level document to address this need and the Security & Privacy by Design (SPBD) is that solution. 



Managing Privacy & Cybersecurity Principles Does Not Have To Be Hard

If you can use Microsoft Word and Excel, then you can perform both Security by Design (SbD) and Privacy by Design (PbD) by simply following the instructions and editing the template to suit your specific requirements. While this is a template, we did the hard work of creating the formatting, bringing together the correct scope of information that needs to be addressed!

  Operationalize Security by Design (O-SbD)  

 operationalize cybersecurity by design

  Operationalize Privacy by Design (O-PbD)  

data privacy documentation - privacy by design 

Security by Design (SbD) requirements come from numerous sources. In this context, the most important are:

  • International Organization for Standardization (ISO)
  • National Institute for Standards & Technology (NIST)
  • US Government (HIPAA & FedRAMP)
  • Information Systems Audit and Control Association (ISACA)
  • Cloud Security Alliance (CSA)
  • Center for Internet Security (CIS)
  • Open Web Application Security Project (OWASP)

Privacy by Design (PbD) requirements come from numerous sources. In this context, the most important are:

  • Fair Information Practice Principles (FIPPs)
  • European Union (EU) General Data Protection Regulation (GDPR)
  • Organization for the Advancement of Structured Information Standards (OASIS
  • International Organization for Standardization (ISO)
  • National Institute for Standards & Technology (NIST)
  • Information Systems Audit and Control Association (ISACA)
  • US Government (HIPAA & FTC Act)


Click on the image below to open a PDF document that shows you what the Security & Privacy By Design (SPBD) contains, as well as a look at the worksheets used to generate the checklist.

Editable Excel Checklists


Click For An Example

Editable Excel Checklists


Click For An Example

  • The main SPBD document is an editable Microsoft Word document.
  • It is written at a program-level to provide direction and authority.
  • Defines how both Security by Design (SbD) and Privacy by Design (PbD) are going to be operationalized.
  • The SPBD comes with editable “paint by numbers” checklists for managing both privacy and security lifecycles.
  • Security checklists are based on NIST 800-160.
  • Privacy checklist is based on the OASIS Privacy Management Reference Model and Methodology (PMRM).

Professionally-Written, Editable NIST 800-160 & OASIS PMRM-Based Cybersecurity For Privacy by Design (C4P) Program

The Security & Privacy By Design (SPBD) product is designed to support your company’s existing policies and standards. Our solution is focused at the procedural and guideline levels.

Editable Microsoft Word Documentation & Excel Checklists 

 The SPBD Excel checklists provide a wealth of experience to bake in security and privacy principles by establishing methodical and repeatable processes. 

In addition to logically organizing steps, we went the extra mile by calling out the deliverables expected and tied it to task #:  

Central to Cybersecurity For Privacy By Design Requires Leveraging Common Touch Points

Unfortunately, most companies fail to see the common touch points that exist in both project lifecycles and this can lead to either gaps in coverage or duplication of efforts. Through our experience in cybersecurity and privacy, we understand these touch points and call those out to enable a "paint by numbers" approach to baking in both cybersecurity and privacy controls into development and project management processes.

This is where aligning your company’s Security by Design (SbD) efforts with the Risk Management Framework (RMF) (e.g., NIST 800-37) can be very beneficial, since the RMF provides a well-established format to securely engineer and maintain systems throughout the entire life cycle of the asset. Utilizing common linkages, Privacy by Design (PbD) is incorporated into the RMF cycle.

NIST RMF privacy framework

"Paint By Numbers" Approach To Cybersecurity & Privacy Requirements

What we've done is simply handle the heavy lifting to integrate security and privacy controls into standard project management processes. This allows your teams to have a "paint by numbers" approach to demonstrating that both cybersecurity and privacy principles are baked into the process! We identified the stages where both cybersecurity and privacy requirements are expected as part of project development. This can enable your teams to work more effectively together and reduce the negative effect of teams working in silos. 

All too often, when projects are commenced, involvement from key stakeholders is siloed, as compared to operating as a cohesive team. We want to help your company avoid the following security & privacy pitfalls where:

Cybersecurity project management phases



Browse Our Products

  • Data Privacy Program - privacy program editable template

    Data Privacy Program (DPP)


    Data Privacy Program (DPP) - Editable Privacy Program Template What Is The Data Protection Program (DPP)? The Data Privacy Program (DPP) is an editable "privacy program template" that exists to ensure data protection-related controls are adequately...

    Choose Options
  • NIST 800-160 and OASIS-based Security and Privacy By Design (SPBD)

    Security & Privacy By Design (SPBD)


    Security & Privacy By Design  What Is The Security & Privacy by Design (SPBD)?  With the European Union General Data Protection Regulation (EU GDPR) effective in mid-2018 and the California Consumer Privacy Act (CCPA) on the...

    Choose Options
  • Information Assurance Program (IAP) Template

    Information Assurance Program (IAP)


    Cybersecurity & Data Privacy Control Validation Testing What Is The Information Assurance Program (IAP)? The IAP is focused on pre-production testing. ComplianceForge's IAP is based on established processes used by the US Government (e.g., FISMA,...

    Choose Options

Find Out Exclusive Information On Cybersecurity