GV.MT-P4: Policies, processes, and procedures for communicating progress on managing privacy risks are established and in place

Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and Update existing plan of action and milestones [Assignment: organization-defined frequency] based on the…

Implement a process to ensure that plans of action and milestones for the information security, privacy, and supply chain risk management programs and associated organizational systems: Are developed and maintained; Document the remedial information security, privacy, and supply chain risk management actions to adequately respond to risk to organizational operations and assets, individuals, other organizations,…

Develop [Assignment: organization-defined privacy reports] and disseminate to: [Assignment: organization-defined oversight bodies] to demonstrate accountability with statutory, regulatory, and policy privacy mandates; and [Assignment: organization-defined officials] and other personnel with responsibility for monitoring privacy program compliance; and Review and update privacy reports [Assignment: organization-defined frequency].