Govern
Develop and implement the organizational governance structure to enable an ongoing understanding of the organization's risk management priorities regarding privacy.
GV.PO-P
Governance Policies
GV.PO-P1
Privacy policies are established and communicated.
AMP.GV.1
Are privacy policies established and communicated?
Notes
GV.PO-P2
Privacy policies are reviewed and updated.
AMP.GV.2
Are privacy policies reviewed and updated regularly?
Notes
GV.PO-P3
Roles and responsibilities for privacy are defined and communicated.
AMP.GV.3
Are roles and responsibilities for privacy defined and communicated?
Notes
GV.OV-P
Oversight
GV.OV-P1
Privacy audits are conducted.
AMP.GV.4
Does the organization conduct regular privacy audits?
Notes
GV.OV-P2
Corrective actions are taken.
AMP.GV.5
Are corrective actions taken when privacy deficiencies are identified?
Notes