Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization ensures that personnel electronically certify acceptance of responsibilities for privacy requirements at least annually. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that personnel manually certify acceptance of responsibilities for privacy requirements at least annually. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization updates a comprehensive training and awareness strategy aimed at ensuring that personnel understand privacy responsibilities and procedures. | 1.0 |
Defines privacy requirements for ensuring that exceptions to privacy principles are in accordance with applicable law. | 1.0 |
Defines privacy requirements for exceptions to privacy principles to be made known to the public. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization documents a privacy risk management process that assesses privacy risk to individuals resulting from the collection, sharing, storing, transmitting, use, and disposal of personally identifiable information (PII). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a privacy risk management process that assesses privacy risk to individuals resulting from the collection, sharing, storing, transmitting, use, and disposal of personally identifiable information (PII). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization conducts Privacy Impact Assessments (PIAs) for information systems, programs, or other activities that pose a privacy risk in accordance with applicable law, OMB policy, or any existing organizational policies and procedures. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides an organized and effective response to privacy incidents in accordance with the organizational Privacy Incident Response Plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops a Privacy Incident Response Plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a Privacy Incident Response Plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization monitors internal privacy policy at an organization-defined frequency to ensure effective implementation. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization monitors privacy controls at an organization-defined frequency to ensure effective implementation. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides effective notice to the public and to individuals regarding the ability to access PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides effective notice to the public and to individuals regarding the choices, if any, individuals may have regarding how the organization uses PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides effective notice to the public and to individuals regarding the consequences of exercising or not exercising choices regarding the organization's use of PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides effective notice to the public and to individuals regarding the ability to have PII amended or corrected if necessary. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides effective notice to the public and to individuals regarding its activities that impact privacy, including its collection, use, sharing, safeguarding, maintenance, and disposal of personally identifiable information (PII). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides effective notice to the public and to individuals regarding its authority for collecting PII. | 1.0 |
Specifies requirements for part of the contents of the privacy notice for individuals. The organization must promptly revise and distribute its notice whenever there is a material change to the privacy notice. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's Privacy Notice describes the PII the organization collects and the purpose(s) for which it collects that information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's Privacy Notice describes how the organization uses PII internally. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's Privacy Notice describes whether the organization shares PII with external entities, the categories of those entities, and the purposes for such sharing. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's Privacy Notice describes how individuals may obtain access to PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's Privacy Notice describes whether individuals have the ability to consent to specific uses or sharing of PII and how to exercise any such consent. | 1.0 |