Termination - Commitments - User Termination, v1.0

Defines privacy requirements related to organizations documenting their commitments with respect to the protection or destruction of users' sensitive information.

Assessment Step

1
Termination - Commitments - User Termination (Termination-Commitments-UserTermination)
Does the organization have a written policy or plan that contains commitments with respect to the protection or destruction of the user's sensitive information including personally identifiable information in the event that a user ceases to use the organization's services?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
Parameter
Information Typesrequired
ENUM_MULTI : Select the type(s) of sensitive information that apply.
  • PII
  • PHI
  • III
  • IIHI
  • Other

Conformance Criteria (1)

C-1
The organization has a written policy or plan that contains commitments with respect to the protection or destruction of the user's sensitive data including personally identifiable information in the event that a user ceases to use the organization's services.
Citation
FICAM-TFPAP
Section 3.2.5