The AvePoint Solution
H3 Solutions chose to implement the AvePoint Privacy Impact Assessment (APIA) system for its PIA needs. Exclusively available through the International Association of Privacy Professionals (IAPP), APIA mitigates the risk inherent with manual privacy impact assessments, helping organizations understand and automate the process of evaluating, assessing, and reporting on the privacy implications of their enterprise IT systems. “I have a background in the IT compliance industry, so I have worked with the IAPP in the past and have known AvePoint for a long time,” said Lisa Ruff, Mobile Entrée Business Development Manager. “When we learned APIA was available, we knew the technology could help us automate the process of conducting PIAs for our cloud service.”
APIA allows users to select questions from a prepopulated bank of PIA questions or create their own, meaning they can build and save PIA templates to be reused and reported out. Ruff was able to set up the PIA process using a combination of questions available through APIA as well as the company’s own customized questions. Within two weeks, H3 Solutions created a PIA process through APIA that consisted of approximately 30 privacy and security questions that would ensure customers that privacy regulations were met with Mobile Entrée 365. “The questions available in APIA were very relevant and gave us a great framework to start our PIA process,” Ruff said. “We can report on the questions to our customers and give them confidence through the third-party validation APIA provides that we are not accessing or collecting any sensitive data, such as Personally Identifiable Information.”
Ruff also appreciated APIA’s built-in workflows and ability to automatically generate organization-specific PIA reports to distribute to key stakeholders throughout H3 Solutions for review. The relevant stakeholders at H3 Solutions include developers, product managers, and business development managers. “As a company that is task-oriented, APIA’s workflow capabilities and automation of the stakeholder review process is very helpful,” Ruff said. “The system’s ability to send email reminders to stakeholders is also valuable as it helps ease the process of ensuring all aspects of PIAs are completed.”
In addition to time savings, APIA’s ability to automate PIAs also helped H3 Solutions reduce the risk of human error inherent with manual processes. “APIA gives us peace of mind that all aspects of our PIAs are carried out fully and that everything is tracked and coordinated through one system,” Ruff said.