

Privacy Gap Assessment - Pre Audit


Evolving US Federal law provides protections for consumer information, such as HIPAA, the Gramm-Leach-Bliley Act (GLBA), and the Fair and Accurate Credit Transactions Act (FACTA, including Red Flags). States have enacted their own laws providing additional protection; for example, 48 states have breach laws, such as Massachusetts’ 201 CMR 17. Similarly, numerous international laws have been adopted, such as the European Directive, the Personal Information Protection and Electronic Documents Act (PIPEDA), and the omnibus data privacy laws covering the private sector enacted by more than 50 countries (e.g., Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties). The SecureState Privacy Gap Assessment compares your privacy program against applicable law and industry best practices.

Privacy Principles

  • Management
  • Notice
  • Choice and consent
  • Collection
  • Use, retention, and disposal
  • Access
  • Disclosure to third parties
  • Security for privacy
  • Quality
  • Monitoring and enforcement


  • Identification and compliance with applicable privacy law and regulatory guidance
  • Proper third-party objective demonstration of compliance
  • Avoidance of fines and regulatory action
  • Client-centric program for safeguarding personally identifiable information
  • Reduction of the cost, confusion, and complexity of compliance


SecureState’s Audit & Compliance consultants are experts in understanding both the technical and the business aspects of your organization. Our experience and knowledge, developed while working with some of the top Fortune 500 financial institutions in the country and a governing body, provide your organization with a true picture of your compliance with GLBA.

Did You Know?

  • The Privacy Maturity Model (PMM) was coauthored by the International Privacy Task Force, sponsored by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA)
  • The Privacy Task Force was instrumental in the development of Generally Accepted Privacy Principles (GAPP)
  • PMM is based on the requirements in GAPP
  • The Capability Maturity Model (CMM) – created and service-marked by Carnegie Mellon University – is a 1988 methodology leveraging data collected by US Department of Defense contracted organizations
  • PMM is based on assessment levels of the recognized CMM
  • A Privacy Gap Assessment – Pre-Audit should be performed annually.

Our Approach and Methodology

SecureState’s Gap Assessment/Pre-Audit approach maps critical information processes and data flows to determine applicable law and business impact. This risk-based approach:

  • Evaluates the effectiveness of your privacy program
  • Leverages the Privacy Maturity Model
  • Validates privacy controls
  • Justifies the cost of remediation

The stages of our Privacy Gap Assessment/Pre-Audit, with limited descriptions, are as follows:

Pre-Onsite Visit:

  • Introduce engagement participants and define roles
  • Review engagement activities
  • Review any applicable documentation

Process Mapping:

  • Document the high-level in-scope systems and technical infrastructure

Requirements Analysis:

  • Document the existing controls used to protect in-scope data assets
  • Identify gaps against applicable law


  • Conduct on-site interviews and information gathering to assess compliance status
  • Outline strategic recommendations to mitigate identified control gaps
  • Upload remediation activities to the “MyState Portal”
  • Rank compliance gaps by risk to build a remediation roadmap

What Makes Us Different


  • Provides comprehensive, on-demand Privacy and Security expertise during the engagement and throughout the year
  • Supports its clients’ GLBA compliance program with our proprietary “MyState Portal” and a team of qualified security specialists
  • Maintains close relationships with our clients because we care about the outcome of the assessment
  • Works with some of the top U.S. financial institutions on GLBA compliance
