Eleos | Home

Data Security and Privacy Lifecycle Management (DSP)

Limitation of Purpose in Personal Data Processing

Level N/A

Define, implement and evaluate processes, procedures and technical measures to ensure that personal data is processed according to any applicable laws and regulations and for the purposes declared to the data subject.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-12

Related

Compliance Framework

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

PM-23

PM-27

PM-32

PT-2

PT-2(1)

PT-3

PT-3(1)

PT-3(2)

PT-4

PT-4(2)

PT-4(3)

PT-6

PT-6(1)

PT-6(2)

SI-12

SI-12(1)

SI-19

SI-19(1)

PRI-02.1

PRI-04.1

PRI-05.1

PRI-05.4

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Personal Data Sub-processing

Level N/A

Define, implement and evaluate processes, procedures and technical measures for the transfer and sub-processing of personal data within the service supply chain, according to any applicable laws and regulations.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-13

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

CM-13

PT-3

PT-3(1)

SA-9

SA-9(1)

SA-9(3)

SA-9(5)

SR-3

SR-3(3)

SR-4

SR-4(1)

ID.SC-3

PRI-07

PRI-07.1

PRI-07.2

PRI-07.3

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Disclosure of Data Sub-processors

Level N/A

Define, implement and evaluate processes, procedures and technical measures to disclose the details of any personal or sensitive data access by sub-processors to the data owner prior to initiation of that processing.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-14

Related

Compliance Framework

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

PM-22

PT-6

PT-6(1)

PT-6(2)

PT-8

SR-4

SR-4(1)

PRI-01

PRI-02

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Limitation of Production Data Use

Level N/A

Obtain authorization from data owners, and manage associated risk before replicating or using production data in non-production environments.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-15

Related

Compliance Framework

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

SA-3

SA-3(2)

SI-19

SI-19(3)

PRI-05.1

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Data Retention and Deletion

Level N/A

Data retention, archiving and deletion is managed in accordance with business requirements, applicable laws and regulations.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-16

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

3.4

3.5

5.33

SI-12

SI-12(1)

SI-12(2)

SI-12(3)

SI-18

SI-18(1)

SI-18(4)

SI-18(5)

SI-19

SI-19(2)

PR.DS-3

PR.IP-6

ID.GV-3

DCH-18

PRI-05

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Sensitive Data Protection

Level N/A

Define and implement, processes, procedures and technical measures to protect sensitive data throughout it's lifecycle.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-17

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

CIS v8.0

Control Number

3.1

3.14

PL-2

PM-22

PM-24

PT-7

PT-7(1)

PT-7(2)

PT-8

SC-8

SC-8(1)

SC-8(2)

SC-8(3)

SC-8(4)

SC-8(5)

SC-28

SC-28(1)

PR.DS-1

PR.DS-2

PR.DS-5

CLD-10

DCH-01

DCH-02.1

DCH-06.2

DCH-06.4

DCH-13.3

IAC-20.1

IAO-03.2

PRI-05.4

SAT-03.3

3.3

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Disclosure Notification

Level N/A

The CSP must have in place, and describe to CSCs the procedure to manage and respond to requests for disclosure of Personal Data by Law Enforcement Authorities according to applicable laws and regulations. The CSP must give special attention to the notification procedure to interested CSCs, unless otherwise prohibited, such as a prohibition under criminal law to preserve confidentiality of a law enforcement investigation.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-18

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

6.8

IR-6

IR-6(3)

PM-21

SR-8

CPL-05

CPL-05.1

CPL-05.2

DCH-03.1

PRI-07.4

PRI-14.1

PRI-14.2

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Data Location

Level N/A

Define and implement, processes, procedures and technical measures to specify and document the physical locations of data, including any locations in which data is processed or backed up.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-19

Related

Compliance Framework

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

CA-3

CA-3(6)

CM-8

CM-8(8)

CM-12

CM-12(1)

PM-5

PM-5(1)

PM-22

PM-24

SA-9

SA-9(5)

SA-9(8)

CLD-09

DCH-19

Solutions
Community

Governance Risk and Compliance (GRC)

Governance Program Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for an information governance program, which is sponsored by the leadership of the organization. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

GRC-01

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

3.1

PL-1

PM-1

PM-17

AC-1

AT-1

AU-1

CA-1

CM-1

CP-1

IA-1

IR-1

MA-1

MP-1

PE-1

PS-1

PT-1

RA-1

SA-1

SC-1

SI-1

SR-1

ID.GV-1

ID.GV-4

GOV-02

GOV-03

Solutions
Community

Governance Risk and Compliance (GRC)

Risk Management Program

Level N/A

Establish a formal, documented, and leadership-sponsored Enterprise Risk Management (ERM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of cloud security and privacy risks.

Parent

Compliance Framework

CCM v4.0.10

Control Number

GRC-02

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

PL-1