ID.IM-P5: The purposes for the data actions are inventoried

Develop and document a map of system data actions.

Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: [Assignment (one or more): organization-level, mission/business process-level, system-level] personally identifiable information processing and transparency policy that: Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and Procedures…

Determine and document the [Assignment: organization-defined authority] that permits the [Assignment: organization-defined processing] of personally identifiable information; and Restrict the [Assignment: organization-defined processing] of personally identifiable information to only that which is authorized.

Identify and document the [Assignment: organization-defined purpose(s)] for processing personally identifiable information; Describe the purpose(s) in the public privacy notices and policies of the organization; Restrict the [Assignment: organization-defined processing] of personally identifiable information to only that which is compatible with the identified purpose(s); and Monitor changes in processing personally identifiable information and implement [Assignment:…