Management Tools                                                     
These tools will help your company manage the security and privacy of non-public information,
business partners, and compliance.  I've created and used these tools to help my clients, and
I am confident that they will help your organization too.

The Privacy Professor's Privacy Breach Impact Calculator         
Privacy breaches are costing businesses increasingly large amounts of money; many times more than
what the safeguards would have cost to prevent them. How much could a privacy breach cost your
business? Most organizations are not aware of the many factors that can contribute to the financial impact
of a data privacy breach. In 2002 I created the original Privacy Breach Impact Calculator.  I included it in
Privacy Management Toolkit in 2005. I've since updated the calculator and now provide it as a stand-alone tool
that provides 40 variable items that contribute to the financial impact of a privacy breach. This has been used by
many organizations to effectively raise business executives' awareness of the potential impact of a breach.
The cost (less than the average cost of one hour of consulting time for most consultants): $200. Contact me
for more information.
Privacy Management Toolkit                               
The Privacy Management Toolkit, Version 1.0 is a complete resource for managing customer
and employee data privacy while maintaining compliance with international data protection
laws. The Privacy Management Toolkit addresses all of the critical components of a privacy
management program for less than the cost of one day of outside consulting advice. The
Privacy Management Toolkit has everything you need to save money while building a privacy
governance program based on the international O.E.C.D. Privacy Principles upon which most
data protection laws throughout the world are based.  

For more information see or get in touch
with me
Vendor Security Assessment Kit                        
These are tools I developed and that I use for the assessments I am contracted to perform.  I have used
them for over 150 vendor and business partner security program reviews, and they have worked
exceptionally well for me.  

Here is some additional information about my Vendor Security Assessment Kit:
  • The vendor questionnaire is an Excel spreadsheet.
  • The beginning section collects information about the vendor (name of company, contact info, website,
    size of company, etc.), along with identifying the specific types of personally identifiable information (PII)
    from your organization that the vendor accesses/handles/stores/etc.
  • There is a worksheet for the information security section and a worksheet for the privacy section.
  • There are a total of 136 questions following the vendor information collection beginning section. The
    questions use the international frameworks of ISO 27002 and the OECD privacy principles, which
    the government oversight agencies view as best practices and encourage organizations to follow.
  • The 136 questions are within 16 well-defined topics. I have found this helps the vendor to answer
    the questions; often they will assign the different topics to different people to expedite getting the
    questionnaire completed, as well as to ensure that those most knowledgeable
    about the topic are the ones answering the questions.
  • I also include a template to create the vendor security review results report within the kit.
    The format is a Word document which includes directions for how to complete it.
  • I also include the following within the Vendor Security Assessment Kit:
    1. A set of 21 sample security and privacy clause issues to include within vendor contracts
    2. A set of 15 sample vendor security and privacy management policies
For more information, contact me
© 2017 Rebecca Herold & Associates, LLC.  All rights reserved.