CT-P: Control-P

Description

Develop and implement appropriate activities to enable organizations or individuals to manage data with sufficient granularity to manage privacy risks.

The Control-P Function considers data processing management from the standpoint of both organizations and individuals.

Framework Categories

CT.PO-P: Data Processing Policies, Processes, And Procedures

Policies, processes, and procedures are maintained and used to manage data processing (e.g., purpose, scope, roles and responsibilities in the data processing ecosystem, and management commitment) consistent with the organization’s risk strategy to protect individuals’ privacy.

CT.DM-P: Data Processing Management

Data are managed consistent with the organization’s risk strategy to protect individuals’ privacy, increase manageability, and enable the implementation of privacy principles (e.g., individual participation, data quality, data minimization).

CT.DP-P: Disassociated Processing

Data processing solutions increase disassociability consistent with the organization’s risk strategy to protect individuals’ privacy and enable implementation of privacy principles (e.g., data minimization).