ID.IM-P7: The data processing environment is identified (e.g., geographic location, internal, cloud, third parties). ID.IM-P6: Data elements within the data actions are inventoried. ID.IM-P5: The purposes for the data actions are inventoried. ID.IM-P4: Data actions of the systems/products/services are inventoried. ID.IM-P3: Categories of individuals (e.g., customers, employees or prospective employees, consumers) whose data are being processed are inventoried.ĥ.2.2 – Needs and expectations of interested parties ![]() ID.IM-P2: Owners or operators (e.g., the organization or third parties such as service providers, partners, customers, and developers) and their roles with respect to the systems/products/services and components (e.g., internal or external) that process data are inventoried.ĥ.2.1 – Understanding the organization and its context ![]() ID.IM-P1: Systems/products/services that process data are inventoried.ħ.2.8 – Records related to Processing PII ![]() Inventory and Mapping (ID.IM-P): Data processing by systems, products, or services is understood and informs the management of privacy risk. IDENTIFY-P (ID-P): Develop the organizational understanding to manage privacy risk for individuals arising from data processing. NIST Privacy Framework Preliminary Draft Core+A2:F24
0 Comments
Leave a Reply. |