Sustain

Question 1

3 sustain elements

Answer 1

1. monitor continuously
2. audit
3. communicate

Question 2

monitor

Answer 2

1. ID gaps in privacy program
2. monitor changes in legislative/regulatory framework and update policy
3. compliance/risk monitoring
4. environmental monitoring: data loss prevention (DLP)(including contractors and CSP)

Question 3

Forms of monitoring

Answer 3

1. active (IT) scanning tools for DLP
2. audit
3. breach monitoring, detection, notification
4. complaint monitoring
5. data management/retention strategies
6. dashboards
7. control based monitoring
8. employee/visitor entry/exit strategy
9. monitor external conditions
10. monitor internal conditions
11. regulatory based monitoring

Question 4

audit (for risk management)

Answer 4

Check whether data processing carried out in accordance with organisations’s policies, procedures (systems, operations, processes, people)

Question 5

5 steps of audit

Answer 5

1. planning
2. preparation
3. audit
4. report to stakeholders
5. follow up

Question 6

3 categories of audits

Answer 6

1st party (internal): self evaluation
2nd party (EU): ensure supplier or sub-contractor meets requirements
3rd party (external)

Question 7

Communicate (to contractors, vendors, workforce)

Answer 7

1. create awareness of privacy program internally and externally (training, brand marketing)
2. ensure flexibility, communicate changes
3. ID documents requiring updates as PP changes: policies (internal) and notices (external)
4. targeted employee, management, contractor training