Trustmark Definition Name | Version |
---|---|
Defines privacy requirements for organizations to document the methods to notify an originating party when the organization reviews the quality of the information it has received and identifies issues. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization disposes of, destroys, erases, and/or anonymizes the PII, regardless of the method of storage, in accordance with a NARA-approved record retention schedule. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization retains each collection of personally identifiable information (PII) for an organization-defined time period to fulfill the purpose(s) identified in the notice or as required by law. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization anonymizes the PII, regardless of the method of storage in a manner that prevents loss, theft, misuse, or unauthorized access. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization disposes of, destroys, and/or erases PII, regardless of the method of storage in a manner that prevents loss, theft, misuse, or unauthorized access. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization uses organization-defined techniques or methods to ensure secure deletion or destruction of PII (including originals, copies, and archived records). | 1.0 |
Defines privacy requirements for organizations to have documented procedures for addressing authorized users' noncompliance with its privacy policy. | 1.0 |
Defines privacy requirements for organizations to have documented procedures for addressing personnel's noncompliance with its privacy policy. | 1.0 |
Defines privacy requirements for organizations to have documented procedures for addressing third parties' noncompliance with its privacy policy. | 1.0 |
Defines privacy requirements for organizations to identify who is responsible for ensuring that enforcement procedures of the privacy policy are adequate and enforced. | 1.0 |
Defines privacy requirements for organizations to identify who is responsible for sanctions for noncompliance with the privacy policy and that they are adequate and enforced. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes an inventory that contains a listing of all programs and information systems identified as collecting, using, maintaining, or sharing personally identifiable information (PII). | 1.0 |
Defines privacy requirements for exceptions to privacy principles to be limited and proportional to meeting the objectives to which they relate. | 1.0 |
Defines privacy requirements for an organization's Privacy Officer or privacy oversight committee to review all analytical products. | 1.0 |
Defines privacy requirements for organizations to incorporate the gathering, processing, reporting, analyzing, and sharing of terrorism-related suspicious activities and incidents (SAR process) into existing processes and systems used to manage other crime-related information and criminal intelligence. | 1.0 |
Defines privacy requirements for organizations that receive or collect tips and leads and/or suspicious activity report (SAR) information to maintain and adhere to policies and procedures for information collection and handling. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides individuals the ability to have access to their personally identifiable information (PII) maintained in its system(s) of records. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization adheres to U.S. Office of Management and Budget (OMB) policies and guidance for the proper processing of U.S. Privacy Act requests. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization adheres to Privacy Act requirements for the proper processing of Privacy Act requests. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization publishes procedures for accessing PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization publishes procedures for accessing PII in System of Records Notices (SORNs). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization publishes rules and regulations governing how individuals may request access to records maintained. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization publishes rules and regulations governing how individuals may request access to records maintained in a Privacy Act system of records. | 1.0 |
Defines privacy requirements for organizations to categorize information based on its nature, usability, and quality. | 1.0 |
Defines privacy requirements for organizations conducting investigations to adhere to a policy regarding the investigative techniques the organization will follow when acquiring information. | 1.0 |