A very large component of the Department of Defense needed to streamline the process of managing privacy compliance across nearly 400 information technology systems, several of which contain personally identifiable information (PII). For those systems containing PII, the agency needed to prepare the proper privacy compliance documentation and then track and report on privacy compliance key performance indicators (KPIs) as those systems completed the various mandated privacy compliance documentation. Until the Phoenix Cyber solution was delivered, the Agency was using email to manage this process, which was slow, tedious, and difficult to track. The Agency’s Privacy Office did not have a real-time, accurate tracking and reporting system for this documentation, and it took searching through emails and shared file directories to find all of the necessary information.
Phoenix Cyber analyzed the Agency’s former email-based process and presented the Agency with a tailored, automated system based on their custom workflows. A no-code/low-code platform was leveraged to decrease development time and costs with Phoenix Cyber and the Agency working together through an agile, rapid development and prototyping process to ensure all requirements and deadlines were met.
The resulting “first-of-its-kind” federal privacy compliance management tool was lauded by senior officials and independent third-party viewers as “thoughtful and intelligent design,” the likes of which they had not seen in their 20 years of conducting Agency reviews. The solution includes:
- An intuitive, engaging user interface with helpful information and useful documentation links to understand the compliance requirements
- Business workflows employing role-based access controls, along with task tracking and user notifications
- Mail merge functionality to generate the necessary documentation and forms required to be completed for each system
- Integration with the Agency’s information system inventory application to import data elements and identify key stakeholders for each system
- Business intelligence with KPIs, workflow monitoring, and management reporting
This new tool results in a simpler process for system owners and program managers to complete required privacy compliance documentation while providing critical transparency and real-time reporting to the Agency’s Privacy Office.