Data Trust Score (DTS) is a measure of the effectiveness of compliance of an organization to data protection law as assessed by an auditor. This brings visibility to the common man of how reliable are the data protection measures in an organization. It also brings accountability to the data audit system by requiring the auditor to convert the subjective assessments to a common objective number.
In the Corporate and Investment world, “Credit Rating” is a common measure of the safety of investment in an instrument and has been widely used. DTS now brings this concept to the world of “Personal Data” which is like a currency which public invest and Data Fiduciaries collect and use for generating business revenue.
Naavi has been working on developing a DTS system based on the PDPB 2018 which later became PDPB 2019 and DPB 2021. In this process, Naavi developed a framework referred to as “Data Protection Compliance Standard of India” (DPCSI) which incorporates the best of the various frameworks for implementation of ISMS or PIMS and extends it with some other unique concepts.
The two components of DPCSI are PDPCSI (Personal Data Protection Standard of India) and NPDP-CSI (Non Personal Data Compliance Standard of India). The basis for the PDPCSI framework is DPDPB 2023 (Digital Data Protection Bill 2023). The basis for NPD-CSI is the Information Technology Act 2000/8.
Now, Naavi has tried to simplify the process of DPCSI audit by enabling DTS evaluation online. This online DTS computation has been enabled by Ujvala Consultants Private Limited.
The process is enabled as a “Self Evaluation” based on certain assessment questions, submitted for review to Ujvala Consultants for validation. During the process of this self evaluation, a trained mentor would be available from Ujvala to explain the implication of a question. During this stage, the organization would self evaluate it’s compliance status by assigning a DTS score between 1-10 for each of the 50 Model Implementation Specifications (MIS). The organization will also indicate their current level of documentation to support this self evaluation.
Validation of this self score of DTS can be further strengthened by review of policy documents by Ujvala and conversion of the self evaluation into a into a summary assessment of DTS.
Finally the system merges with a Certifiable audit by a FDPPI certified auditor who may do an online audit of the facilities.
The pricing of the service for each of these different levels of assessment.
The online Link to self assessment will be available on the payment of a prescribed fee.
The assessment goes through different steps over 50 model implementation specifications (MIS 1-50) and covers five responsibility centers in the organization namely,
General Instructions for use of the “My DTS” system
The assessment has been divided into five sections corresponding to the five different responsibility centers, so that different representatives of the company can complete the assessment in each of the sections. Each section covers the Implementation Specifications related to the specific responsibility center. The user is expected to complete the questionnaire with reference to the current practices in the organization.
The questionnaire consists of one or more questions related to each of the Model Implementation Specifications followed by a self assessment of an evaluation score for the specific implementation specification on a scale of 1-10. For each assessment, a list of documents referred may be indicated.
When these individual scores for each implementation specification is totalled, one arrives at the total score for the section.
It is envisaged that each section would be completed by a designated person.
The completion of the questionnaire can be stopped and continued as per the convenience of the responder. It can be reviewed internally before it is finally committed for submission.
The summation of the assessment scores for each of the five sections provides the first raw estimation of DTS of the organization based on self declaration.
When this assessment is submitted to Ujvala, Ujvala will apply a weightage system and compute an “Adjusted DTS” and communicate it to the organization along with some critical recommendations if any for further action. A Certificate would be issued in support of this “Self Assessment”. A general feedback on the next action required will also be provided by Ujvala along with the self assessment certificate.
Summary Assessment
Additionally, the organization may chose to elevate the self assessment into a “Summary Assessment” by Ujvala based on submission of evidentiary documents such as policy documents etc for review.
This would be separately Certified as “Provisional DTS” for the organization.
FDPPI Certification
If the Company opts to go for a full fledged audit of their compliance under the DPCSI framework which should meet the standards of Section 29 Data Audit, the audit will be conducted by an FDPPI accredited Certification body and may be certified by FDPPI under its norms for Certification.
Pricing
Will be provided on case to case basis.
The cost of Summary assessment by Ujvala with a review of the documents submitted would be based on the documents to be reviewed and an estimate would be provided after the basic DTS is provided.
The cost of final Certification audit would depend on the estimate of the work involved and as per FDPPI guidelines if any.
(Similar assessment audit for GDPR-DTS as well as ITA 2008-DTS would also be available. )
Naavi
Confidentiality of Information Submitted:
Kindly Note that the information submitted for assessment will be available for the team of consultants of Ujvala which consists of Naavi and his associates who provide their assurance for confidentiality of data through Ujvala.
Since the evaluation questionnaire is hosted on an external website and the security of data entered there in is subject to the security provided by the said website, an option is made available to the respondent organization to seek an Pseudonymous ID while making the payment which can be used on the website where the responses are completed. The responses donot contain any corporate data once the name of the organization is pseudonymized.
For any further clarification, kindly contact Naavi
Naavi
Confidentiality of Information Submitted:
Kindly Note that the information submitted for assessment will be available for the team of consultants of Ujvala which consists of Naavi and his associates who provide their assurance for confidentiality of data through Ujvala.
Since the evaluation questionnaire is hosted on an external website and the security of data entered there in is subject to the security provided by the said website, an option is made available to the respondent organization to seek an Pseudonymous ID while making the payment which can be used on the website where the responses are completed. The responses donot contain any corporate data once the name of the organization is pseudonymized.
For any further clarification, kindly contact Naavi