CT.PO-P: Data Processing Policies, Processes, And Procedures
Description
Policies, processes, and procedures are maintained and used to manage data processing (e.g., purpose, scope, roles and responsibilities in the data processing ecosystem, and management commitment) consistent with the organization’s risk strategy to protect individuals’ privacy.
Framework Subcategories
CT.PO-P1: Policies, processes, and procedures for authorizing data processing (e.g., organizational decisions, individual consent), revoking authorizations, and maintaining authorizations are established and in place
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.PO-P2: Policies, processes, and procedures for enabling data review, transfer, sharing or disclosure, alteration, and deletion are established and in place (e.g., to maintain data quality, manage data retention)
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.PO-P3: Policies, processes, and procedures for enabling individuals’ data processing preferences and requests are established and in place.
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.PO-P4: A data life cycle to manage data is aligned and implemented with the system development life cycle to manage systems
[csf.tools Note: Subcategories do not have detailed descriptions.]