Celebrate the Changes:
New Rules and New Tools Lend to Certifications Critical Value Proposition By Bob Johnson
No Pain/No Gain While the ongoing evolution of the i-SIGMA certification program’s requirements might pose a challenge to service providers, at the end of the day, those changes are the key to its value for them and their customers. Most certifications – even some circling the secure destruction and ITAD arena – reassure their participants that changes will be introduced every 3 to 5 years, then give year-long windows to required compliance. NAID AAA and PRISM Privacy+ Certification, however, do not have that luxury. Because i-SIGMA certifications are intended to verify regulatory compliance, changes to the specifications are dictated by the lawmakers and regulators.
i-SIGMA CEO Bob Johnson explains why members should celebrate the continued evolution of certification requirements and how the association intends to make service provider qualifications the imperative that regulators want. _________________________ 16
iG Journal 2021 Issue 2
Any certification that declares changes will be introduced on some arbitrary, multi-year schedule is putting the service provider’s interests above the client’s, and in so doing, is putting that client at risk. This is why service providers that are either NAID AAA or PRISM Privacy+ Certified have recently been required to add a Data Subject Response Policy, and why in the coming weeks they will be required to identify a Data Protection Officer.
