ISO auditors have been one of the class of professionals who have been productively engaged in the audit and assessment services. ISO gives many opportunities for certification but one of the major activities has been ISO 27001. Now as the ISO 27001:2019 moves to ISO 27001: 2022, post 1st November, auditors have to gear up for the new framework. A few of these auditors had stepped into ISO 27701 and offering their services for GDPR compliance to Indian companies.
So far, we could tell a company that India does not have a data protection law and therefore go for GDPR compliance and implementation of ISO 27701 which along with ISO 27001 can be certified.
But the scenario has now changed. India has passed DPDPA 2023 which is applicable to collection of personal data in India. It will therefore be foolish to apply GDPR to Indian Personal Data and feel that compliance is achieved.
If so, how can an Indian Data Fiduciary go for compliance? particularly if it intends to get third party certified?
Enter DGPSI the Futuristic framework
Thanks to forward looking organizations like FDPPI, an unique framework for implementation of Compliance by Design, Certifiable third party audit and Maturity assessment is now available for organizations.
The framework is called DGPSI (Digital Governance and Protection Standard of India) and the system built under DGPSI guidance is the DGPMS or Digital Governance and Protection Management System.
So, DGPMS is now the organizational goal pushing aside ISMS and PIMS.
In this scenario, ISO auditors cannot depend on ISO 27001/ISO 27701 audit for their bread and butter. They need to find new avenues to leverage their years of experience.
DGPSI is the biggest disruptor in the IT audit domain. It brings three kinds of professionals namely the Business Managers, the CISOs and the DPOs into one platform and own the implementation.
Audit or implementation s no longer a proposal from CISO or DPO which the CFO or CMO shoots down. It is a proposal in which the CFO and CMO have equal interest along with CISO or DPO or even the CRO or CCO.
DGPSI directly addresses the compliance of DPDPA 2023 with about 35 controls.
At the same time it also picks up the 25 compliance requirements related to Privacy Risks identified by the Bureau of Indian Standards in their draft standard document released at the same time when DPDPA 2023 was passed by the Parliament and 33 controls required for ITA 2000 compliance.
The DGPSI additionally addresses the requirements of 93 controls of ISO 27001 and 49 controls of ISO 27701 which are suggested for application to Personal Data protection.
Thus, a Total of 200 non DPA controls are merged with 35 DPDPA specific controls and addressed through only 50 Model Implementation specification under DGPSI.
It is simpler but effectively includes the essence of the essence. More over the DTS component of assessment provides a maturity assessment of the organization’s compliance status also.
DGPSI is therefore likely to be the only choice of wise Business Managers in the industry.
Before organizations gear up to opt for DGPSI compliance, professionals need to transform themselves from their current expertise to DGPSI expertise and an opportunity is flying past you.
On October 28/29 and November 4 and 5, FDPPI/Naavi is conducting a 12 hour Virtual program to impart the necessary requirements of this DGPSI framework the best practices of the industry.
Visit www.fdppi.in and register yourself today .
Don’t miss the bus… board the C.DPO.DA band wagon today….