The successful proponent must provide the following experience:
1. The Proponent should have at least 5 years relevant experience in IT security and must be familiar with the RCMP Harmonized Threat Risk Assessment methodology and with Privacy Impact Assessment standards used by the Government of Canada.
2. Preference will be given to proponents with experience in a public sector environment, in particular a Shared Service model.
3. The resource can be directly employed or subcontracted by the Proponent..
Conduct a threshold assessment.
b. Research and review any laws, legislation, regulations, etc. relevant to the intended use of the O365 environment.
c. Interview designates and collect information regarding the intended use of the O365 technical detail design.
d. Identify and consult with stakeholders.
e. Map the personal information flow.
f. Provide a data classification as it relates to privacy based on the solution areas of the O365 implementation.
g. Assessment of potential privacy issues, Identify options to address the privacy risks and recommend action for each solution area to limit the potential privacy issue.
h. Produce a PIA report, and;
i. Present the PIA report and review.
6. PIA deliverables
a. Develop and deliver the Privacy Impact Assessment, its report and presentation.
b. Complete in detail a plan, which also outlines the commitment of required roles from Government to complete both the TRA and PIA assessments.