Sustain Flashcards
1
Q
3 sustain elements
A
- monitor continuously
- audit
- communicate
2
Q
monitor
A
- ID gaps in privacy program
- monitor changes in legislative/regulatory framework and update policy
- compliance/risk monitoring
- environmental monitoring: data loss prevention (DLP) (including contractors and CSP)
3
Q
Forms of monitoring
A
- active (IT) scanning tools for DLP
- audit
- breach monitoring, detection, notification
- complaint monitoring
- data management/retention strategies
- dashboards
- control-based monitoring
- employee/visitor entry/exit strategy
- monitor external conditions
- monitor internal conditions
- regulatory-based monitoring
4
Q
audit (for risk management)
A
Check whether data processing is carried out in accordance with the organisation's policies and procedures (systems, operations, processes, people)
5
Q
5 steps of audit
A
- planning
- preparation
- audit
- report to stakeholders
- follow up
6
Q
3 categories of audits
A
- 1st party (internal): self-evaluation
- 2nd party (EU): ensure supplier or sub-contractor meets requirements
- 3rd party (external)
7
Q
Communicate (to contractors, vendors, workforce)
A
- create awareness of privacy program internally and externally (training, brand marketing)
- ensure flexibility, communicate changes
- ID documents requiring updates as PP changes: policies (internal) and notices (external)
- targeted employee, management, contractor training