Privacy Program Health Suite — Consultant-Grade Assessment, Risk & Roadmap Platform (App + Cloud Sync)
▶ Try it first: open the free interactive demo — run the full scope screener, answer one question per domain, and watch your program health and company risk score live in your browser. Nothing to install.
An entire privacy consulting engagement in a single file. The Privacy Program Health Suite takes any organization from "how healthy is our privacy program?" to a board-ready answer in one sitting — nine steps, four billable-grade artifacts, zero backend. Built by a working privacy practitioner who runs these engagements for real.
The nine-step engagement:
- Scope screener — 12 plain-language questions map your footprint to GDPR, UK GDPR/DUAA, CCPA/CPRA, 20+ US state laws, HIPAA, India DPDP, PIPL, LGPD, transfer rules, the EU AI Act, minors' and employment provisions. Scope makes domains critical, which reweights everything downstream.
- 44-question maturity assessment across 11 domains — including AI & automated decision governance as a first-class domain.
- Systems, apps & platform module — score every system holding personal data against seven controls, weighted by data sensitivity and volume. "Non-compliant · priority" flags the dangerous quadrant: weak controls on high-exposure data.
- Program health score (0–100 gauge) and a composite company risk index with an auto-generated executive narrative naming the drivers.
- Framework crosswalk — every domain and finding mapped to HIPAA citations, NIST Privacy Framework categories, ISO/IEC 27002:2022 controls, and SOC 2 Trust Services Criteria, so findings translate straight into your auditors' language.
- 59 regime-specific compliance suggestions, each flagged where legal obligation meets program weakness.
- Auto-generated findings and a four-phase roadmap, foundations sequenced before dependents.
- 5×5 risk register with heat map — seed it from weak domains and priority systems in one click.
- Print-ready executive report compiling all of it.
Connect anywhere: push and pull the full engagement state to infrastructure you already control — GitHub (versioned commits), Azure Blob, Amazon S3, Google Apps Script (backend script included), or any REST endpoint including Power Automate for SharePoint/Teams. Credentials live in session memory only and are never written into save files.
Privacy architecture you can verify: one HTML file, runs in any browser on any OS, fully offline. No accounts, no telemetry, no cookies, no analytics — the tool contacts nothing until you configure a sync endpoint and click. It practices what it assesses, and the claim survives view-source.
Includes: the suite (single-file web app), the Google Apps Script sync backend, a consultant methodology guide, and the security scan report.
Re-assessable by design: save the engagement as a JSON baseline, re-run in six months, and the delta is your progress narrative.
Assessment tooling for program planning — not legal advice.