
Data Security and Privacy Lifecycle Management (DSP)

Define, implement and evaluate processes, procedures and technical measures for the transfer and sub-processing of personal data within the service supply chain, according to any applicable laws and regulations.



Data Security and Privacy Lifecycle Management (DSP)

Define, implement and evaluate processes, procedures and technical measures to disclose the details of any personal or sensitive data access by sub-processors to the data owner prior to initiation of that processing.



Data Security and Privacy Lifecycle Management (DSP)

Obtain authorization from data owners, and manage associated risk before replicating or using production data in non-production environments.



Data Security and Privacy Lifecycle Management (DSP)

Data retention, archiving and deletion is managed in accordance with business requirements, applicable laws and regulations.



Data Security and Privacy Lifecycle Management (DSP)

Define and implement processes, procedures and technical measures to protect sensitive data throughout its lifecycle.



Data Security and Privacy Lifecycle Management (DSP)

The CSP must have in place, and describe to CSCs the procedure to manage and respond to requests for disclosure of Personal Data by Law Enforcement Authorities according to applicable laws and regulations. The CSP must give special attention to the notification procedure to interested CSCs, unless otherwise prohibited, such as a prohibition under criminal law to preserve confidentiality of a law enforcement investigation.



Data Security and Privacy Lifecycle Management (DSP)

Level N/A

Define and implement processes, procedures and technical measures to specify and document the physical locations of data, including any locations in which data is processed or backed up.



Governance Risk and Compliance (GRC)

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for an information governance program, which is sponsored by the leadership of the organization. Review and update the policies and procedures at least annually.



Governance Risk and Compliance (GRC)

Establish a formal, documented, and leadership-sponsored Enterprise Risk Management (ERM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of cloud security and privacy risks.



Governance Risk and Compliance (GRC)

Review all relevant organizational policies and associated procedures at least annually or when a substantial change occurs within the organization.

