Data Mapping and Inventory

Global Publishing and Media Organization

Tueoris conducted a mapping of global personal data processing activities for a global media, publishing and marketing services company. Data mapping included front-end processing activities and back-end processes such as personal data optimization for marketing and analytics purposes. Primary objectives of the engagement were creation of a data inventory for in-scope activities; identification/validation of third-party data processors; preparation for compliance with data subject rights request fulfilment; and compliance with the EU General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”). Secondary objectives included the identification of opportunities for business process improvements and development of new data use strategies.

Global Biotech Company

In order to meet its GDPR obligations, a global biotech company engaged Tueoris to conduct a mapping of processing activities based on relative processing/data risks. An initial risk-ranking exercise was conducted to identify in-scope processes, using privacy and data security risk criteria with associated numerical values to quantify results. Data maps were leveraged by the Privacy Office and the IT Department to create a Record of Processing Activities (GDPR Article 30) and data inventory, as well as to identify and implement privacy and security controls appropriate to the risks posed by the data types and processing activities.

Cloud-Based Health and Wellness SaaS Provider

In preparation for GDPR, Tueoris mapped personal data processing activities for a software-as-a-service company that provides online scheduling and business management software for the health and wellness services industry. In addition to GDPR compliance, including creation of Records of Processing Activities, maps were used to identify data limitation and security control improvements, as well as to support development of policies and procedures reflective of actual personal data processing practices.

International Airline

Tueoris created maps of personal data flows to support preparation for GDPR compliance for a US-based international air carrier. Data maps focused on flows within the airline’s internal network and to its considerable outsourced/third-party ecosystem in order to facilitate responses to data subject rights requests. The mapping exercise included the development of process workflows for data subject rights requests (intake, analysis and fulfilment), including communication of requests to in-scope third-party processors and sub-processors.

Online Vitamin Retailer

In preparation for CCPA, Tueoris conducted a data mapping exercise to document the flow of personal data within the commercial data infrastructure of an online vitamin retailer. Mapping included documenting the flow of data through internal systems and to third-party service providers. Mapping results were leveraged to create a personal data inventory; to support improvements to data security controls; and to identify opportunities to optimize data value and data use.

Global Business Technology Provider

A worldwide provider of global business technology solutions sought our assistance in preparing to meet the requirements of the EU General Data Protection Regulation (GDPR). In order to assist the client in meeting its objectives, the Tueoris team first conducted an assessment of a “sample group” of high-risk business processes against GDPR requirements in order to identify existing gaps. A highly detailed remediation roadmap was then designed to enable the client to undertake and successfully execute remediation activities in order to gain GDPR compliance. The roadmap focused on narrowly defined activities assigned to functional owners and provided recommended resourcing models, estimated timelines and dependencies. Finally, the Tueoris team led several threads of the remediation activities and actively supported the client in executing others, resulting in a GDPR compliance program that will meet customer and regulator expectations.

Academic Medical Center and Healthcare Provider

Tueoris was selected to develop an Identity and Access Management strategy and roadmap. Tueoris provided independent quality oversight to this strategy/roadmap engagement and provided program leadership and management services for the implementation phases of the IAM program.

Through our experience with this client, we learned that clients may have an important need for independent quality oversight in some key IAM initiatives, especially those with strategic and foundational implications. Consulting organizations like to bring ideas from elsewhere and apply them at an organization. Often, this is done without a critical evaluation of whether those ideas can help deliver the outcomes for the particular context of the client and the constraints the client organization may face. Independent quality and performance oversight of such key initiatives may cost only a small fraction of the initiative itself but could be extremely useful in assuring the quality and success of the project or program later on.

Nationwide Hospital System

Tueoris was selected to develop an Identity and Access Management strategy and roadmap. Tueoris provided independent quality oversight to this strategy/roadmap engagement and provided program leadership and management services for the implementation phases of the IAM program.

Through our experience with this client, we learned that clients may have an important need for independent quality oversight in some key IAM initiatives, especially those with strategic and foundational implications. Consulting organizations like to bring ideas from elsewhere and apply them at an organization. Often, this is done without a critical evaluation of whether those ideas can help deliver the outcomes for the particular context of the client and the constraints the client organization may face. Independent quality and performance oversight of such key initiatives may cost only a small fraction of the initiative itself but could be extremely useful in assuring the quality and success of the project or program later on.