Abstract: Methods, software and devices for scoring privacy protection processes implemented by an organization are disclosed. Implementation metrics and evidence indicators are received from units of the organization. Implementation metrics each represent extent of implementation of one of the privacy protection processes. Evidence indicators each indicate an electronic document providing evidence of extent of implementation of one of the privacy protection processes. Each electronic document is associated with at least one of the implementation metrics for which the electronic document provides supporting evidence. For each particular privacy protection process implemented by each particular organizational unit, applicable privacy protection rules are identified and a user interface is provided to facilitate assessing compliance of that organizational unit with applicable privacy protection rules.