CAPP uses the Project Management Institute (PMI) and the International Association of Privacy Professionals (IAPP) Certified Information Privacy Manager (CIPM) method as our foundation for privacy project management. The CIPM is accredited by ANSI under ANSI/ISO 17024: 2012 and recognized worldwide through a multilateral agreement with the International Accreditation Forum (IAF). Using CAPP to meet your project’s goals and objectives will leave you better equipped to update existing policies and procedures, enhance your long-term data-protection strategy, support privacy-by-design in new products and services and be better prepared to respond to regulatory actions and implement sustainable practices.
While there can be a large number of workstreams taking place in parallel in a CAPP project, the work can typically be subdivided into four distinct phases. This initial phase consists of four important elements:
The second primary phase of this project is where designing, unpacking, and planning take place. This is also the phase in which the Privacy Officer or sponsor is most engaged in providing direction and setting expectations. Tasks include:
We like to get buy-in for privacy projects from stakeholders by selling it as more than just a compliance exercise and by emphasizing the customer experience.
This is the phase when creating project deliverables, transformation, and workstreams occur.
During the execution phase, the project also has to monitor and measure the work’s progress with Key Performance Indicators (KPI’s) and control changes to the work and plans. We look at this as a separate stage of work performed in parallel with the execution phase, but in practice, it’s indistinguishable from the execution phase.During this period, the projects’ primary functions include directing and managing the project staff’s work, managing and mitigating risks that threaten project success, and ensuring that external stakeholders are engaged appropriately and that their expectations are being met.
The last step of a project is the formal close-out of external and internal procurement efforts.
We deliver the project’s product scope to the customer (including formal sign-off for delivery) with a punch list that documents key lessons learned and then formally closes the project.