NIST Cybersecurity Framework by Praxiom Research

Use NIST's Privacy Framework to manage your organization’s privacy risks.
For more detail, please see Privacy Framework Translated into Plain English.

ID. Identify data privacy universe

ID.IM Identify scope of privacy program

ID.IM-1 Identify data processing activities

ID.IM-2 Identify process owners and operators

ID.IM-3 Identify providers of personal data

ID.IM-4 Identify data processing actions

ID.IM-5 Identify the purpose of each action

ID.IM-6 Identify the elements of each action

ID.IM-7 Identify data processing environment

ID.IM-8 Identify data processing flows and roles

ID.BE Identify your business environment

ID.BE-1 Identify data processing ecosystem

ID.BE-2 Identify your organization’s priorities

ID.BE-3 Identify organization’s requirements

ID.RA Identify privacy risks and responses

ID.RA-1 Identify your data privacy context

ID.RA-2 Identify privacy risks by finding bias

ID.RA-3 Identify problematic data actions

ID.RA-4 Identify and prioritize privacy risks

ID.RA-5 Identify and prioritize responses

ID.DE Identify risk management processes

ID.DE-1 Identify ways of managing privacy risks

ID.DE-2 Identify data processing ecosystem parties

ID.DE-3 Identify objectives for your ecosystem parties

ID.DE-4 Identify how to manage ecosystem privacy risks

ID.DE-5 Identify how well data processing parties perform

GV. Establish governance structure

GV.PO Establish privacy governance methods

GV.PO-1 Establish your privacy values and policies

GV.PO-2 Establish processes to instill privacy values

GV.PO-3 Establish privacy roles and responsibilities

GV.PO-4 Establish privacy management ecosystem

GV.PO-5 Establish external privacy requirements

GV.PO-6 Establish privacy management practices

GV.RM Establish privacy management strategy

GV.RM-1 Establish your risk management processes

GV.RM-2 Establish your organization’s risk tolerance

GV.RM-3 Establish your tolerance for ecosystem risks

GV.AT Establish privacy skills and competence

GV.AT-1 Establish awareness programs for your workforce

GV.AT-2 Establish awareness programs for your executives

GV.AT-3 Establish awareness programs for privacy people

GV.AT-4 Establish awareness programs for third parties

GV.MT Establish privacy monitoring program

GV.MT-1 Establish data privacy evaluation program

GV.MT-2 Establish data privacy review program

GV.MT-3 Establish data privacy assessment program

GV.MT-4 Establish data privacy communications program

GV.MT-5 Establish data privacy response control program

GV.MT-6 Establish data privacy change management program

GV.MT-7 Establish data privacy complaint resolution program

CT. Control how risks are managed

CT.PO Control how data privacy is protected

CT.PO-1 Control how data processing is authorized

CT.PO-2 Control how data processing is managed

CT.PO-3 Control how data processing is enabled

CT.PO-4 Control how data processing is changed

CT.DM Control how data privacy is handled

CT.DM-1 Control your organization’s data reviews

CT.DM-2 Control your organization’s data disclosures

CT.DM-3 Control your organization’s data alterations

CT.DM-4 Control your organization’s data deletions

CT.DM-5 Control your organization’s data destruction

CT.DM-6 Control your organization’s data transmission

CT.DM-7 Control your organization’s data permissions

CT.DM-8 Control your organization’s data audit logs

CT.DM-9 Control your organization’s data assessments

CT.DM-10 Control your organization’s data preferences

CT.DP Control how data privacy is achieved

CT.DP-1 Control how easy it is to observe personal data

CT.DP-2 Control how easy it is to identify specific people

CT.DP-3 Control how easy it is to infer personal details

CT.DP-4 Control how easy it is to hoard personal data

CT.DP-5 Control how easy it is to see personal identifiers

CM. Develop communication program

CM.PO Develop communications capability

CM.PO-1 Develop your privacy communication controls

CM.PO-2 Develop your privacy communication functions

CM.AW Develop communication techniques

CM.AW-1 Develop ways of sharing information about privacy

CM.AW-2 Develop ways of obtaining feedback about privacy

CM.AW-3 Develop ways of ensuring data processing visibility

CM.AW-4 Develop ways of monitoring data sharing activities

CM.AW-5 Develop ways of communicating with data ecosystem

CM.AW-6 Develop ways of determining provenance and lineage

CM.AW-7 Develop ways of notifying people about privacy breaches

CM.AW-8 Develop ways of managing the impact of privacy problems

PR. Implement processing protections

PR.PO Implement data protection policies

PR.PO-1 Implement baseline configurations for information technologies

PR.PO-2 Implement configuration management for information technologies

PR.PO-3 Implement appropriate information backup processes and procedures

PR.PO-4 Implement policies and regulations to protect your information assets

PR.PO-5 Implement methods to identify protection improvement opportunities

PR.PO-6 Implement ways of sharing information about protection technologies

PR.PO-7 Implement incident response, continuity, recovery, and restoration plans

PR.PO-8 Implement incident response, continuity, recovery, and restoration tests

PR.PO-9 Implement privacy procedures and ask human resources to include them

PR.PO-10 Implement a management plan to address your privacy vulnerabilities

PR.AC Implement access control measures

PR.AC-1 Implement measures to control identities of authorized entities

PR.AC-2 Implement measures to control access to your data and devices

PR.AC-3 Implement measures to control remote access to data and devices

PR.AC-4 Implement measures to control access permissions and authorizations

PR.AC-5 Implement measures to control and protect the integrity of networks

PR.AC-6 Implement measures to control identity authentication methods

PR.DS Implement data security mechanisms

PR.DS-1 Implement methods and techniques to control data-at-rest

PR.DS-2 Implement methods and techniques to control data-in-transit

PR.DS-3 Implement methods and techniques to control data movements

PR.DS-4 Implement methods and techniques to control data availability

PR.DS-2 Implement methods and techniques to control data disclosure

PR.DS-5 Implement methods and techniques to control data integrity

PR.DS-6 Implement methods and techniques to control data habitat

PR.DS-7 Implement methods and techniques to control data devices

PR.MA Implement maintenance procedures

PR.MA-1 Implement methods to control maintenance and repair

PR.MA-2 Implement methods to control remote maintenance work

PR.PT Implement protective technologies

PR.PT-1 Implement measures to control removable media

PR.PT-2 Implement measures to strengthen configurations

PR.PT-3 Implement measures to safeguard network systems

PR.PT-4 Implement measures to ensure operational resilience

If you'd like to see how we've translated each of the above sections into
Plain English, please check out our more detailed Privacy Framework.

Updated on September 5, 2021. First published on March 18, 2021.

Copyright © 2021 by Praxiom Research Group Ltd. All Rights Reserved.
