Privacy & Security

Accerta's Privacy & Security Program

At Accerta, privacy and security are not just a simple “check the box” exercise for legal and regulatory matters. Accerta makes a meaningful effort to foster a culture that is respectful of, and accountable for, the safeguarding of the personal information it manages. Accerta will always comply with the specific privacy requirements outlined in its service agreements with plan sponsors, while also adhering to those legislated provisions and rules which provide the highest level of privacy controls for the collection, use and disclosure of personal information and personal health information.

The Accerta Privacy & Security program is built on a framework which includes:

  1. A robust set of operationalized policies and procedures developed with consideration to Privacy by Design principles;
  2. Privacy and Security Training for all new Accerta team members and annual refresher training;
  3. Compliance with privacy legislation and contractual requirements;
  4. Security clearance checks for all Accerta personnel;
  5. Management of risks through evaluation of existing practices/programs, enhancement of controls and engagement of privacy and security resources on all new Accerta projects; and
  6. Management of vendors that support service delivery and any other third parties that may have access to plan sponsor data.

Accerta is a strong advocate for continuous improvement and believes in proactive monitoring, auditing and testing of existing controls. In the spirit of continuous improvement, Accerta conducts privacy impact assessments (PIAs), threat and risk assessments (TRAs), and vulnerability and penetration testing for information systems, thereby illustrating Accerta’s commitment to information security and personal information protection. Assessments are conducted to align with relevant privacy and security standards and methodologies, such as the Royal Canadian Mounted Police (RCMP) Harmonized TRA Methodology, the CSA Model Code for the Protection of Personal Information and the ISO 27001 information security standards.