CIPM Sustain Flashcards

1
Q

3 sustain elements

A
  1. monitor continuously
  2. audit
  3. communicate
2
Q

Things a Privacy Professional needs to monitor:

A
  1. ID gaps in privacy program
  2. changes in legislative/regulatory framework and update policy
  3. compliance/risk monitoring
  4. environmental monitoring: data loss prevention (DLP) (including contractors and CSP)
3
Q

Forms of monitoring

A
  1. active (IT) scanning tools for DLP
  2. audit
  3. breach monitoring, detection, notification
  4. complaint monitoring
  5. data management/retention strategies
  6. dashboards
  7. control based monitoring
  8. employee/visitor entry/exit strategy
  9. monitor external conditions
  10. monitor internal conditions
  11. regulatory based monitoring
4
Q

How does a Privacy Professional audit for risk management?

A

Check whether data processing is carried out in accordance with the organisation's policies and procedures at the systems level, operational level, processes level, and people level.

5
Q

What are the 5 steps of a privacy audit?

A
  1. planning
  2. preparation
  3. actual audit
  4. report to stakeholders
  5. follow up monitoring
6
Q

3 categories of privacy audits

A

1) 1st party (internal): This is a self evaluation.
2) 2nd party (EU): This ensures supplier or sub-contractor meets documented requirements.
3) 3rd party (external)

7
Q

What should a Privacy Professional communicate to contractors, vendors, and the workforce?

A
  1. create awareness of privacy program internally and externally (training, brand marketing)
  2. ensure flexibility, communicate changes
  3. ID documents requiring updates as PP changes: policies (internal) and notices (external)
  4. targeted employee, management, contractor training