ID.IM-P: Inventory And Mapping
Description
Data processing by systems, products, or services is understood and informs the management of privacy risk.
Framework Subcategories
ID.IM-P1: Systems/products/services that process data are inventoried
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.IM-P2: Owners or operators (e.g., the organization or third parties such as service providers, partners, customers, and developers) and their roles with respect to the systems/products/services and components (e.g., internal or external) that process data are inventoried
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.IM-P3: Categories of individuals (e.g., customers, employees or prospective employees, consumers) whose data are being processed are inventoried
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.IM-P4: Data actions of the systems/products/services are inventoried
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.IM-P5: The purposes for the data actions are inventoried
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.IM-P6: Data elements within the data actions are inventoried
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.IM-P7: The data processing environment is identified (e.g., geographic location, internal, cloud, third parties)
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.IM-P8: Data processing is mapped, illustrating the data actions and associated data elements for systems/products/services, including components; roles of the component owners/operators; and interactions of individuals or third parties with the systems/products/services
[csf.tools Note: Subcategories do not have detailed descriptions.]