Develop and implement appropriate data processing safeguards.
The Protect-P Function covers data protection to prevent cybersecurity-related privacy events,the overlap between privacy and cybersecurity risk management.
Security and privacy policies (e.g., purpose, scope, roles and responsibilities in the data processing ecosystem, and management commitment), processes, and procedures are maintained and used to manage the protection of data.
Access to data and devices is limited to authorized individuals, processes, and devices, and is managed consistent with the assessed risk of unauthorized access.
Data are managed consistent with the organization’s risk strategy to protect individuals’ privacy and maintain data confidentiality, integrity, and availability.
System maintenance and repairs are performed consistent with policies, processes, and procedures.
Technical security solutions are managed to ensure the security and resilience of systems/products/services and associated data, consistent with related policies, processes, procedures, and agreements.