CH 10 - Measure, Monitor & Audit Program Performance Flashcards

1
Q

What is the first step to select relevant metrics?

A

Identify intended metric audience.

2
Q

Who makes up the primary metric audience?

A

Legal and privacy officers, senior leadership, CIO, program managers, system owners, security officers, and other managers.

3
Q

Who makes up the secondary metric audience?

A

CFO, training organizations, HR, inspectors general, HIPAA security officials

4
Q

Who makes up the tertiary metric audience?

A

External watchdog groups, sponsors, stakeholders.

5
Q

Metric owner

A

Responsible for the metric throughout its life cycle. Should have privacy knowledge, training and experience. Asks why the metric is important and how it fits into business objectives. Monitors performance using the metric. Keeps the metric's process documentation up to date.

6
Q

Trend analysis

A

Metric to analyze privacy program performance. Ensures data relationships are meaningful and significant (e.g., time series with a trend, a cyclical component and an irregular component).

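Worked example for the trend analysis card (added here; it is not part of the original flashcards or of any course material). It splits a constructed 36-month series of privacy complaint counts into a trend, a 12-month seasonal (cyclical) component and an irregular component using a classical centred 2x12 moving-average decomposition, then applies the check a metric owner would want: is the projected change over the next year larger than the noise left in the irregular component? The data, the slope of 0.5 complaints per month and the seasonal pattern are all assumptions chosen so the decomposition has something to recover; only the Python standard library is used.

```python
"""Classical additive decomposition of a monthly privacy-program metric.

Added example, not from the flashcards. Series = trend + seasonal + irregular.
"""
from statistics import mean, pstdev
from typing import List, Optional

PERIOD = 12  # monthly data, one seasonal cycle per year

# Constructed sample, not real data: level rising 0.5 complaints/month, a fixed
# 12-month seasonal pattern that sums to zero, and a small irregular term with
# period 5 so the decomposition cannot mistake it for seasonality.
TRUE_SLOPE = 0.5
TRUE_SEASONAL = [3, 1, -2, -4, -3, -1, 0, 2, 4, 3, 0, -3]


def constructed_series(months: int = 36) -> List[float]:
    """Build the assumed complaint counts for `months` consecutive months."""
    return [
        20.0 + TRUE_SLOPE * t                 # linear trend
        + TRUE_SEASONAL[t % PERIOD]           # seasonal component
        + ((2 * t) % 5 - 2) * 0.1             # irregular component (period 5)
        for t in range(months)
    ]


def centred_moving_average(x: List[float], period: int = PERIOD) -> List[Optional[float]]:
    """2xN centred moving average for an even period; None where undefined."""
    half = period // 2
    out: List[Optional[float]] = [None] * len(x)
    for i in range(half, len(x) - half):
        # half-weight on the two outermost points keeps the window centred on i
        window = 0.5 * x[i - half] + sum(x[i - half + 1:i + half]) + 0.5 * x[i + half]
        out[i] = window / period
    return out


def seasonal_indices(x: List[float], trend: List[Optional[float]], period: int = PERIOD) -> List[float]:
    """Average detrended value per calendar position, normalised to sum to zero."""
    buckets = [[] for _ in range(period)]
    for i, (xi, ti) in enumerate(zip(x, trend)):
        if ti is not None:
            buckets[i % period].append(xi - ti)
    raw = [mean(b) if b else 0.0 for b in buckets]
    offset = mean(raw)
    return [r - offset for r in raw]


def decompose(x: List[float], period: int = PERIOD) -> dict:
    """Return trend (per month), seasonal (per calendar position) and irregular (per month)."""
    trend = centred_moving_average(x, period)
    seasonal = seasonal_indices(x, trend, period)
    irregular = [
        xi - ti - seasonal[i % period] if ti is not None else None
        for i, (xi, ti) in enumerate(zip(x, trend))
    ]
    return {"trend": trend, "seasonal": seasonal, "irregular": irregular}


def trend_slope(trend: List[Optional[float]]) -> float:
    """Least-squares slope per month over the defined part of the trend."""
    pts = [(i, t) for i, t in enumerate(trend) if t is not None]
    xs = [p[0] for p in pts]
    ys = [p[1] for p in pts]
    mx, my = mean(xs), mean(ys)
    return sum((a - mx) * (b - my) for a, b in pts) / sum((a - mx) ** 2 for a in xs)


def trend_is_material(decomp: dict, horizon: int = PERIOD) -> bool:
    """Is the projected change over `horizon` months larger than twice the irregular noise?"""
    noise = pstdev([v for v in decomp["irregular"] if v is not None])
    return abs(trend_slope(decomp["trend"])) * horizon > 2 * noise


if __name__ == "__main__":
    d = decompose(constructed_series())
    print("slope per month:", round(trend_slope(d["trend"]), 3))
    print("seasonal indices:", [round(s, 2) for s in d["seasonal"]])
    print("trend material over 12 months:", trend_is_material(d))
```

The seasonal step is what stops a metric owner from reporting the annual complaint spike as a worsening trend; the materiality check is the "significant" half of the card, comparing the trend's 12-month effect with the spread of the irregular component rather than reading significance off a single month-to-month change.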
7
Q

ROI

A

Metric to analyze privacy program performance. Provides quantitative measurement for costs, benefits, strengths and weaknesses of organization’s privacy controls.

8
Q

Business resiliency

A

Metric to analyze privacy program performance.

9
Q

Program maturity

A

Metric to analyze privacy program performance.

10
Q

What should an organization consider when determining the value of information assets?

A

Cost of producing the information, its value on the open market, and the cost of reproducing it if it is lost, damaged or destroyed.

11
Q

Continuous monitoring

A

Are you protecting personal information? Following policies, etc.? Minimizing consequences? Providing feedback? Demonstrating commitment?

12
Q

Forms of monitoring

A

Active scanning tools, audits, dashboards, complaint tracking

13
Q

Privacy audit

A

A systematic and independent examination to determine whether activities involving the processing of personal data are carried out in accordance with an organization’s data protection policies and procedures.

14
Q

Audit planning (auditor selection), audit preparation (schedule, scope), the audit itself, the report, and follow-up

A

Five phases of privacy program audit.

15
Q

Self-assessment performed by internal employees. Self-certification does not exempt an organization from fulfilling its obligations under laws or regulations.

A

First party audit

16
Q

Supplier audits

A

Second party audits

17
Q

Conducted by independent outside sources, e.g., when required under a consent decree or by a regulator.

A

Third party audits

18
Q

Periodic review process: at what points should review triggers be built in?

A

When does your governance structure need revamping? What triggers a policy review? How often do audits happen? What in an audit triggers follow up?