| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for verifying that an organization reviews and reevaluates privileges at an organization-defined frequency.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization reviews information system changes to determine whether unauthorized changes have occurred.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system prevents the installation of unsigned software and firmware components.
|
1.0 |
|
Access To Designated Secure Area For Accessing Sensitive Information Limited To Authorized Personnel
Defines conformance and assessment criteria for verifying that an organization limits access to controlled areas during sensitive information processing times to only those personnel authorized to access or view sensitive information.
|
1.0 |
|
Specifies that a covered entity must have policies and procedures to ensure that an individual has a right of access, in a timely manner, to inspect and obtain a copy of protected health information about the individual, subject to certain restrictions and limitations.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that access control mechanisms used to enable access sensitive information restricted by object.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for account creation approvals as related to overall access control requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for account manager notification as related to overall access control requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for account managers as related to overall access control requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for account monitoring as related to overall access control requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization monitors accounts for atypical usage.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization defines usage conditions for accounts.
|
1.0 |
|
Defines privacy requirements for controllers of sensitive information to be accountable for complying with the APEC Privacy Principles.
|
1.0 |
|
Defines privacy requirements related the enforcement of adherence to privacy polices through audit logs.
|
1.0 |
|
Defines privacy requirements organizations to ensure that parties most able to mitigate potential privacy risks are authorized to do so.
|
1.0 |
|
Defines privacy requirements organizations to ensure that parties most able to mitigate potential privacy violation incidents are authorized to do so.
|
1.0 |
|
Defines privacy requirements related to the promotion of accountability for how sensitive information is collected.
|
1.0 |
|
Defines privacy requirements related to monitoring for internal compliance for access and disclosure of sensitive information.
|
1.0 |
|
Defines privacy requirements organizations to ensure that parties most able to mitigate potential privacy risks are equipped to do so.
|
1.0 |
|
Defines privacy requirements organizations to ensure that parties most able to mitigate potential privacy violation incidents are equipped to do so.
|
1.0 |
|
Defines privacy requirements for controllers of sensitive information to be accountable for complying with their organization's privacy policy.
|
1.0 |
|
Defines privacy requirements for enforcing adherence to privacy policies through independent audits.
|
1.0 |
|
Defines privacy requirements for enforcing adherence to privacy policies through internal reviews.
|
1.0 |
|
Defines privacy requirements for organizations to promote accountability for how sensitive information is maintained.
|
1.0 |
|
Defines privacy requirements related to monitoring for internal compliance for reasonable mitigation measures.
|
1.0 |
