NIST Privacy Framework: Implementation Group 2 – Risk Informed

The National Institute of Standards and Technology (NIST) has developed a comprehensive privacy framework that can help organizations assess and improve their privacy practices. The framework consists of three main components: the core, the profiles, and the implementation tiers. In this blog post, we will focus on implementation tier 2, which is the second of four tiers in the NIST Privacy Framework.

Implementation tier 2 is the next level of the NIST Privacy Framework after implementation tier 1. It is intended for organizations that have implemented the essential activities in at least two of the five privacy outcome profiles: individual participation, transparency, security, integrity, or accountability.

To achieve implementation tier 2, organizations must implement the recommended activities in at least one of the privacy outcome profiles that they have already implemented. This means that they must go beyond the minimum requirements for that privacy outcome and implement additional activities that can help improve their privacy practices.

For example, if an organization has already implemented the essential activities in the security profile, it can move on to implementing the recommended activities in that profile. This might include implementing security incident response and reporting procedures, conducting regular security assessments, and establishing a privacy governance program.

Once an organization has achieved implementation tier 2, it can move on to higher tiers to further improve its privacy practices. The next tier, implementation tier 3, requires organizations to implement the recommended activities in at least two privacy outcome profiles, and the higher tiers have additional requirements.

Overall, implementation tier 2 is an important step in the NIST Privacy Framework. By achieving this tier, organizations can take additional steps to protect individuals’ personal information and improve their privacy practices.
