GV.PO-P: Governance Policies, Processes, and Procedures
Description
The policies, processes, and procedures to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of privacy risk.
Framework Subcategories
GV.PO-P1: Organizational privacy values and policies (e.g., conditions on data processing such as data uses or retention periods, individuals’ prerogatives with respect to data processing) are established and communicated.
[csf.tools Note: Subcategories do not have detailed descriptions.]
GV.PO-P2: Processes to instill organizational privacy values within system/product/service development and operations are established and in place.
GV.PO-P3: Roles and responsibilities for the workforce are established with respect to privacy.
GV.PO-P4: Privacy roles and responsibilities are coordinated and aligned with third-party stakeholders (e.g., service providers, customers, partners).
GV.PO-P5: Legal, regulatory, and contractual requirements regarding privacy are understood and managed.
GV.PO-P6: Governance and risk management policies, processes, and procedures address privacy risks.