Privacy concerns exist wherever personally identifiable information is collected
and stored – in digital form or otherwise. Improper or non-existent disclosure
control can be the root cause for privacy issues. Data privacy issues can arise
in response to information from a...
Risk management is the identification, assessment, and prioritization of risks
followed by coordinated and economical application of resources to minimize,
monitor, and control the probability and/or impact of events or to maximize the
realization of opportunities. Why Risk...
Information security means protecting information and information systems
from unauthorized access, use, disclosure, disruption, modification, perusal,
inspection, recording or destruction. The terms information security, computer
security and information assurance are...
Thank you for contacting us. We will reach out to you shortly regarding your inquiry.
An error has occurred. Please try again later.
Privacy concerns exist wherever personally identifiable information is collected and stored – in
digital form or otherwise. Improper or non-existent disclosure control can be the root cause for
privacy issues. Data privacy issues can arise in response to information from a wide range of
sources, such as:
Health care records
Criminal justice investigations and proceedings
Financial institutions and transactions
Biological traits, such as genetic material
Residence and geographic records
Privacy is a business concern and it affects the brand of the organization. Privacy is best
addressed by having a good governance and compliance program within an organization. Policies
and procedures that provide guidelines and/or guidance are an essential step towards privacy.
Understanding and defining sensitive data within each organization gives each user the ability
to participate in the privacy program. Education, training, and awareness are cornerstones of a
good privacy program for an organization.
Risk management is the identification, assessment, and prioritization of risks followed by
coordinated and economical application of resources to minimize, monitor, and control the
probability and/or impact of events or to maximize the realization of opportunities.
Why Risk Management?
Risk Management does the following for an organization:
Creates value – resources expended to mitigate risk should be less than the consequence of
inaction, or (as in value engineering), the gain should exceed the pain
Is an integral part of operations
Helps in meeting regulatory requirements
Explicitly address uncertainty and assumptions
Provides structure to enterprise operations
Is helpful in moving an enterprise towards standards (NIST, ISO)
Takes human factors into account
Is dynamic, iterative and responsive to change
An organization streamlines its operations and addresses security and privacy due to a well run
risk management program. It provides management the ability to stay ahead of change and address
all areas of the data lifecycle.
Information security means protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
The terms information security, computer security and information assurance are frequently used
interchangeably. These fields are interrelated often and share the common goals of protecting the
confidentiality, integrity and availability of information; however, there are some subtle
differences between them.
These differences lie primarily in the approach to the subject, the methodologies used, and the
areas of concentration. Information security is concerned with the confidentiality, integrity and
availability of data regardless of the form the data may take: electronic, print, or other forms.
Computer security can focus on ensuring the availability and correct operation of a computer system
without concern for the information stored or processed by the computer. Information assurance
focuses on the reasons for assurance that information is protected, and is thus reasoning about
SecureFLO Consulting Group and its affiliates (collectively referred to
as “SecureFLO”) respect the privacy of your personal information. This
from you at its web sites (each referred to as “the Site”), what we do
with that information, and with whom we may share the information.
Each visitor to the Site (“the User”) is encouraged to review this Privacy
password-protected web sites created by SecureFLO for specific SecureFLO
clients, which by their nature require different uses of personal information.
The policy also does not apply to the web sites to which this web site
may link. If you choose to follow a link to another web site, please consult
for changes. When amendments are made, the “revised” date at the top of
Site after an amendment constitutes your acceptance of the amendment.
Collection and use of User information
SecureFLO collects two types of User information: computer information
that is collected automatically, and personal information that you enter
Automatic collection of computer information
When you visit the Site, SecureFLO does not automatically collect personal
information from you or about you (such as your name or mailing address).
However, the Site does place small files called “cookies” on your computer
to automatically collect and store certain types of data from the computer
that you use to access the Site. This information includes but is not limited
to the following: browser and platform type (e.g., Internet Explorer browser
on a PC platform); the Internet Service Provider, or “ISP” (e.g., AT&T);
the Internet Protocol (IP) address unique to the computer; the number and
length of visits; the pages visited; and the referral source (e.g., Google)
and search terms that led to the Site page. SecureFLO uses this computer
information to assess interest in the Site and its pages, and for other
internal business purposes.
Collection of voluntarily provided personal information
SecureFLO also may request and collect certain personal information from
Users who wish to be contacted by SecureFLO or to receive SecureFLO publications
such as white papers and newsletters. This personal information may include
the User’s name, email address, telephone number, and mailing address.
SecureFLO does not request or collect other personal information such as
social security numbers, driver’s license numbers, or financial account
numbers. You are under no obligation to provide any information about yourself,
though certain information may be needed in order to respond to a request
for information or publications. We will not attempt to match this personal
information with IP addresses and other automatically collected information,
except as may be necessary to police misuse of the Site. You may opt out
of receiving communications from SecureFLO by contacting the Site Administrator
(see Section 10).
Disclosure of User information
User information collected through the Site is stored securely within
the SecureFLO network. SecureFLO does not sell or transfer your information
to unaffiliated third parties, except for the purposes of the operation
of the Site, to comply with applicable law (including subpoena requests),
and to respond to your request. For example, all information transmitted
to or from the Site, including your computer information and User-entered
personal information, may be accessible to nonaffiliated third-party vendors
and contractors who provide services to SecureFLO relating to the operation
of the Site or the supply of requested information (e.g., analytics and
optimization services). SecureFLO has security agreements in place with
these vendors and contractors. User information also may be disclosed in
connection with a merger or the sale of SecureFLO assets, and User information
posted by the User on a SecureFLO blog may be accessible to anyone visiting
the blog. Aggregated or otherwise anonymous data may be used and shared
for any purpose.
Disposal of User information
Upon its determination that records containing User information are no
longer are of use to SecureFLO, SecureFLO will dispose of such records
by secure means so that any personal information is no longer readable.
Review and changes to personal data
A User may review and update the personal information that SecureFLO has
collected regarding him or her by contacting the Site Administrator.
Links to other sites
For your convenience, the Site may contain links to other web sites of
interest that are not owned, controlled, or managed by SecureFLO, including
social media sites. These non-SecureFLO web sites are not subject to this
Maintaining the security of your personal information is of utmost concern
to SecureFLO. SecureFLO uses reasonable security measures to protect your
personal information from unauthorized access. However, no system can be
absolutely secure. Consequently, you should not transmit to the Site any
health information or other information that you consider sensitive. SecureFLO
cannot warrant the security of your personal information transmitted to
the Site, and you do so at your own risk.
The Site is administered by SecureFLO’s webmaster. The webmaster can be
contacted by email at firstname.lastname@example.org or by regular mail at: