Since we launched our PDPA services last week, we have received multiple calls/emails on the PDPA Starter Pack Documentation. It’s true that we generally do not include support for the documents (hence the very low cost), but we ended up doing it anyway because we just can’t help ourselves.
Anyway, we’ve decided to provide some samples on how some of these documents look like. We’ve actually been doing corporate policies for years, as part of our ISO27001 or PCI-DSS implementation, but for PDPA, we did come up with some new ones to address the specifics of PDPA.
We generally break our policies structure into tiers which is consistent to the document hierarchy of ISMS with a few changes. First tier policies are in general where other standards can refer to, and itself can refer to lower tiers for more granular instructions. In this case, we have the Personal Data Policy. The information security policy can also be on this tier, but in this case, we put the security policy and other policies on tier 2, where the Personal Data Policy reference to. Under this arrangement, changes can be made for instance in a Tier 2 policy, without changing in Tier 1, because Tier 1 only reference and point to the corresponding policy in Tier 2 for details. Management of policies and updates now become easier. Tier 3 will be documents, such as access forms, change forms etc.
Other companies can also incorporate into their own existing structure of documents, depending on the needs. Every document also has clearly marked areas for user input, as well as comments at the side for further instructions or references to the section in the PDPA document or/and the subregulations. All policies and standards will be in word format for editing purposes.
You can download the samples here, that consists of the README files and 2 policies and 2 documents. These are incomplete documents as a sample, but it should give you an idea how is it like for the starter pack.
PDPA Samples Starter Pack – DOWNLOAD!
As always, if you have any questions, feel free to drop us a note at firstname.lastname@example.org.