GV-P: Govern-P


Develop and implement the organizational governance structure to enable an ongoing understanding of the organization’s risk management priorities that are informed by privacy risk.

The Govern-P Function is similarly foundational, but focuses on organizational-level activities such as establishing organizational privacy values and policies, identifying legal/regulatory requirements, and understanding organizational risk tolerance that enable an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.

Framework Categories

GV.RM-P: Risk Management Strategy

The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

GV.AT-P: Awareness And Training

The organization’s workforce and third parties engaged in data processing are provided privacy awareness education and are trained to perform their privacy-related duties and responsibilities consistent with related policies, processes, procedures, and agreements and organizational privacy values.

GV.MT-P: Monitoring And Review

The policies, processes, and procedures for ongoing review of the organization’s privacy posture are understood and inform the management of privacy risk.