The Security & Privacy by Design (SPBD) is program-level documentation that provides what your organization needs to comply with EU GDPR and other requirements that mandate companies demonstrate how they implement both security and privacy by design. This is a "best in class" approach to leading frameworks on the topic of secure engineering and privacy management. The goal is to operationalize both Security by Design (SbD) and Privacy by Design (PbD).
What makes the SPBD unique is that not only provide guidance at a program level in editable Microsoft Word format, but we provide an Excel spreadsheet with several editable checklists that provide a "paint by numbers" approach to being able to walk through the steps required to build systems and projects in a secure manner, which incorporates both security and privacy principles. On top of that, the secure engineering steps map to applicable NIST 800-160, NIST 800-53 and ISO 27002 controls!
The SPBD draws on expertise from NIST 800-160, OASIS, GAPP, and other leading frameworks. This enables you to point to best practices if you are ever audited, so that you can demonstrate adherence to reasonable expectations for security and privacy principles.
The NIST 800-171 Compliance Criteria (NCC) is an Excel spreadsheet that contains clear expectations and guidance on what is required to become compliant with NIST 800-171. This is NIST 800-171 Made Easy!
If you can use Microsoft Excel, then you can use the NCC to understand your requirements for compliance with NIST 800-171 rev1. There is no magic to it - it is a fully-editable Excel spreadsheet that contains exactly what a consultant will tell you:
We offer several other program-level documents that can help companies comply with common compliance requirements:
These documents fill a crucial need between high-level policies and the procedures in place to perform tasks. These documents provide evidence of forethought that describe HOW the organization's policies and standards are actually implemented.