Patrick F. Sullivan, Ph.D.

Principal Consultant

Patrick F. Sullivan is an IRCA-certified ISO 27001 auditor with proven experience in Information Security Management System implementation and Information Privacy and Security consulting. His clients have included Fortune 500 companies in the pharmaceutical, financial services and telecommunications industries, and he has worked with government agencies and regulatory oversight bodies in the U.S., Hong Kong and Canada.

An early career in academic teaching and research led to a focus on ethical uses of information technologies and the practical problems organizations face in managing the balance between protecting critical information assets and using those assets to achieve business goals. This led to a career transition helping organizations solve those problems with effective information governance, risk management and compliance strategies.

Patrick maintains his academic interests as a sought-after speaker at professional conferences, and has published articles on information security and privacy management in numerous professional and industry publications.

Career Accomplishments

  • Provided Information Security Management System (ISMS) implementation consulting during project execution and through registration for an industry-leading company that achieved ISO 27001 certification on the first audit
  • Assisted a major U.S. pharmaceutical company with updating its information security compliance framework to reflect ISO 27001 process requirements and controls and coordinating its information security compliance processes with the Global Privacy Office efforts in successful certification to the U.S. Department of Commerce Safe Harbor Framework for international data transfers in the clinical division
  • Collaborated on legal and regulatory review for ISO 27001 ISMS implementation for a major U.S. credit card issuer (ISMS certified in 2006) as well as for a major U.S. life and annuities company (ISMS certified in 2008)
  • Developed and delivered an information security management workshop for a retail industry leadership group
  • Assisted the Ontario Information and Privacy Commissioner’s Office with development of its Privacy Diagnostic Tool for self-assessment with PIPEDA
  • Assisted the Hong Kong Office of the Privacy Commissioners for Personal Data with development of its compliance inspection methodology for the Hong Kong Personal Data (Privacy) Ordinance
  • Developed legal and regulatory content for policy management software as Senior Vice President of Policy Advisory Services for a Montreal-based privacy and security compliance technology company
  • Ensured appropriate integration of information privacy and security consulting methodologies as Vice President of Privacy and Information Policy at a start-up information security and managed services company
  • Helped launch the global Privacy Practice as a senior manager at PricewaterhouseCoopers
  • Founding executive director of the Washington DC-based Computer Ethics Institute

Skills and Expertise:

  • Designing and implementing business-driven, standards-based Information Security Management programs
  • Developing and implementing information security risk management methodologies, and risk-based control objectives and controls for defined business and information environments
  • Experience with privacy and security governance, risk management, and compliance program design and deployment consistent with U.S. and international law, regulation and industry standards affecting the management and protection of information assets by organizations
  • Over fifteen years' experience in university-level teaching and academic research