PR.PT-P

Protective Technology (PR.PT-P): Technical security solutions are managed to ensure the security and resilience of systems/products/services and associated data, consistent with related policies, processes, procedures,…

PR.MA-P

Maintenance (PR.MA-P): System maintenance and repairs are performed consistent with policies, processes, and procedures.

PR.DS-P

Data Security (PR.DS-P): Data are managed consistent with the organization’s risk strategy to protect individuals’ privacy and maintain data confidentiality, integrity, and availability.

PR.AC-P

Identity Management, Authentication, and Access Control (PR.AC-P): Access to data and devices is limited to authorized individuals, processes, and devices, and is managed consistent with…

PR.PO-P

Security and privacy policies (e.g., purpose, scope, roles and responsibilities in the data processing ecosystem, and management commitment), processes, and procedures are maintained and used…

CM.AW-P

Data Processing Awareness (CM.AW-P): Individuals and organizations have reliable knowledge about data processing practices and associated privacy risks, and effective mechanisms are used and maintained…

CM.PO-P

Data Processing Awareness (CM.AW-P): Individuals and organizations have reliable knowledge about data processing practices and associated privacy risks, and effective mechanisms are used and maintained…

CT.DP-P

Data processing solutions increase dissociability consistent with the organization’s risk strategy to protect individuals’ privacy and enable implementation of privacy principles (e.g., data minimization).

CT.DM-P

Data are managed consistent with the organization’s risk strategy to protect individuals’ privacy, increase manageability, and enable the implementation of privacy principles (e.g., individual participation,…

CT.PO-P

Policies, processes, and procedures are maintained and used to manage data processing (e.g., purpose, scope, roles and responsibilities in the data processing ecosystem, and management…

GV.MT-P

The policies, processes, and procedures for ongoing review of the organization’s privacy posture are understood and inform the management of privacy risk

GV.AT-P

Awareness and Training (GV.AT-P): The organization’s workforce and third parties engaged in data processing are provided privacy awareness education and are trained to perform their…

GV.RM-P

The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions

GV.PO-P

Governance Policies, Processes, and Procedures (GV.PO-P): The policies, processes, and procedures to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are…

Get Started

About

Subscribe

Sign-up and receive the latest news

>

Subscribe

Sign-up and receive the latest news

>