| Trustmark Definition Name | Version |
|---|---|
|
Defines privacy requirements for organizations to provide training for their security officers.
|
1.0 |
|
Defines privacy requirements for an organization to use a separate repository system for tips, leads, and SAR information.
|
1.0 |
|
Defines privacy requirements for organizations to document their technical safeguards for ensuring the security of organization data.
|
1.0 |
|
Defines privacy requirements for organizations to store vulnerability assessments separately from publicly available data.
|
1.0 |
|
Defines privacy requirements for organizations to store and maintain vulnerability assessments within the organization.
|
1.0 |
|
Defines privacy requirements for organizations to require users to agree to comply with its privacy policy in writing.
|
1.0 |
|
Defines privacy requirements for organizations to require users to acknowledge receipt of its privacy policy in writing.
|
1.0 |
|
Defines privacy requirements for organizations to maintain a record of the sources of information sought and collected.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization where appropriate, enters into Memoranda of Understanding, Memoranda of Agreement, Letters of Intent, Computer Matching Agreements, or similar agreements, with third parties that specifically describe the personally identifiable information (PII) covered and specifically enumerate the purposes for which the PII may be used.
|
1.0 |
|
Defines privacy requirements for organizations to provide the title of the individual who will serve as the Privacy Officer.
|
1.0 |
|
Defines privacy requirements for organizations to document which personnel they require to participate in training programs regarding implementation of and adherence to their privacy policies.
|
1.0 |
|
Defines privacy requirements for organizations to provide training to personnel authorized to share protected information through the ISE.
|
1.0 |
|
Defines privacy requirements for organizations to document their training programs.
|
1.0 |
|
Defines privacy requirements for organizations to document what information it may seek, retain, share, disclose, or disseminate.
|
1.0 |
|
Defines privacy requirements for organizations to document what information it may NOT seek, retain, share, disclose, or disseminate.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization updates, at an organization-defined frequency, an inventory that contains a listing of all programs and information systems identified as collecting, using, maintaining, or sharing personally identifiable information (PII).
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization includes U.S. Privacy Act Statements on its forms that collect PII to provide additional formal notice to individuals from whom the information is being collected.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization includes U.S. Privacy Act Statements on separate forms that can be retained by individuals to provide additional formal notice to individuals from whom the information is being collected.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization audits internal privacy policy organization-defined frequency to ensure effective implementation.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization audits privacy controls organization-defined frequency to ensure effective implementation.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization administers basic privacy training at least annually.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization administers targeted, role-based privacy training for personnel having responsibility for activities that involve PII at least annually.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization administers targeted, role-based privacy training for personnel having responsibility for personally identifiable information (PII) at least annually.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops a comprehensive training and awareness strategy aimed at ensuring that personnel understand privacy responsibilities and procedures.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements a comprehensive training and awareness strategy aimed at ensuring that personnel understand privacy responsibilities and procedures.
|
1.0 |
