
Rebecca Herold & Associates, LLC

Your trusted source for effective information security,
privacy and compliance tools, education and consulting.
The Privacy Professor

Management Tools

These tools will help your company manage the security and privacy of non-public information, business partners, and compliance. I've created and used these tools to help my clients, and I am confident that they will help your organization too.

The Privacy Professor's Privacy Breach Impact Calculator

Privacy breaches are costing businesses increasingly large amounts of money, many times more than the safeguards to prevent them would have cost. How much could a privacy breach cost your business? Most organizations are not aware of the many factors that can contribute to the financial impact of a data privacy breach. In 2002 I created the original Privacy Breach Impact Calculator. I included it in my Privacy Management Toolkit in 2005. I've since updated the calculator and now offer it as a stand-alone tool that provides 40 variable items that contribute to the financial impact of a privacy breach. This has been used by many organizations to effectively raise business executives' awareness of the potential impact of a breach.
The cost (less than the average cost of one hour of consulting time for most consultants): $200.
Contact me for more information.

Privacy Management Toolkit

The Privacy Management Toolkit, Version 1.0 is a complete resource for managing customer and employee data privacy while maintaining compliance with international data protection laws. The Privacy Management Toolkit addresses all of the critical components of a privacy management program for less than the cost of one day of outside consulting advice. The Privacy Management Toolkit has everything you need to save money while building a privacy governance program based on the international O.E.C.D. Privacy Principles upon which most data protection laws throughout the world are based.
Contact me for more information.

Vendor Security Assessment Kit

These are tools I developed and that I use for the assessments I am contracted to perform. I have used them for over 150 vendor and business partner security program reviews, and they have worked exceptionally well for me.

Here is some additional information about my Vendor Security Assessment Kit:

  • The vendor questionnaire is an Excel spreadsheet.
  • The beginning section collects information about the vendor (name of company, contact info, website, size of company, etc.), along with identifying the specific types of personally identifiable information (PII) from your organization that the vendor accesses/handles/stores/etc.
  • There is a worksheet for the information security section and a worksheet for the privacy section.
  • There are a total of 136 questions following the vendor information collection beginning section. The questions use the international frameworks of ISO 27002 and the OECD privacy principles, which the government oversight agencies view as best practices and encourage organizations to follow.
  • The 136 questions are within 16 well-defined topics. I have found this helps the vendor to answer the questions; often they will assign the different topics to different people to expedite getting the questionnaire completed, as well as to ensure that those most knowledgeable about the topic are the ones answering the questions.
  • I also include a template to create the vendor security review results report within the kit. The format is a Word document which includes directions for how to complete it.
  • I also include the following within the Vendor Security Assessment Kit:
    1. A set of 21 sample security and privacy clause issues to include within vendor contracts
    2. A set of 15 sample vendor security and privacy management policies

Contact me for more information.