https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-privacy-control-ar-1_-governance-and-privacy-program/4/NIST SP 800-53 r4 Privacy Control AR-1: Governance and Privacy Program4Profile of requirements corresponding to NIST Special Publication 800-53 r4, Privacy Control AR-1: Governance and Privacy Program.2021-04-26T00:00:00.000ZfalseThis document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.https://trustmarkinitiative.org/TMIPRIMARYhelp@trustmarkinitiative.org555-555-5555https://trustmarkinitiative.org/800-53AccountabilityAuditGovernanceNISTPrivacyPrivacy ProgramRisk Managementhttps://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---organizational-privacy-plan/1.0/1Governance and Privacy Program - Organizational Privacy Plan1.0Defines conformance and assessment criteria for verifying that an organization develops a strategic organizational privacy plan for implementing applicable privacy controls, policies, and procedures.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---implements-privacy-policies/1.0/2Governance and Privacy Program - Implements Privacy Policies1.0Defines conformance and assessment criteria for verifying that an organization implements operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---develops-privacy-policies/1.0/3Governance and Privacy Program - Develops Privacy Policies1.0Defines conformance and assessment criteria for verifying that an organization develops operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-procedures-update/1.0/4Governance and Privacy Program - Privacy Procedures Update1.0Defines conformance and assessment criteria for verifying that an organization updates privacy procedures organization-defined frequency, at least biennially.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---disseminates-privacy-procedures/1.0/5Governance and Privacy Program - Disseminates Privacy Procedures1.0Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---monitoring-of-regulations-_general_/1.0/6Governance and Privacy Program - Monitoring of Regulations (General)1.0Defines conformance and assessment criteria for verifying that an organization monitors applicable privacy laws and policy for changes that affect its privacy program.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---monitoring-of-regulations-_federal_/1.0/7Governance and Privacy Program - Monitoring of Regulations (Federal)1.0Defines conformance and assessment criteria for verifying that an organization monitors federal privacy laws and policy for changes that affect its privacy program.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---disseminates-privacy-policies/1.0/8Governance and Privacy Program - Disseminates Privacy Policies1.0Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---senior-official-accountable-for-developing-privacy-program/1.0/9Governance and Privacy Program - Senior Official Accountable for Developing Privacy Program1.0Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for developing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---develops-privacy-procedures/1.0/10Governance and Privacy Program - Develops Privacy Procedures1.0Defines conformance and assessment criteria for verifying that an organization develops operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-policy-update/1.0/11Governance and Privacy Program - Privacy Policy Update1.0Defines conformance and assessment criteria for verifying that an organization updates privacy policies organization-defined frequency, at least biennially.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-plan-updates/1.0/12Governance and Privacy Program - Privacy Plan Updates1.0Defines conformance and assessment criteria for verifying that an organization updates the strategic organizational privacy plan at an organization-defined frequency, at least biennially.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---implements-privacy-procedures/1.0/13Governance and Privacy Program - Implements Privacy Procedures1.0Defines conformance and assessment criteria for verifying that an organization implements operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---senior-official-accountable-for-maintaining-privacy-program/1.0/14Governance and Privacy Program - Senior Official Accountable for Maintaining Privacy Program1.0Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for maintaining an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-program-resources/1.0/15Governance and Privacy Program - Privacy Program Resources1.0Defines conformance and assessment criteria for verifying that an organization allocates sufficient budget and staffing resources to implement and operate the organization-wide privacy program.https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---senior-official-accountable-for-implementing-privacy-program/1.0/16Governance and Privacy Program - Senior Official Accountable for Implementing Privacy Program1.0Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for implementing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.SP800-53R4NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at <a href="http://dx.doi.org/10.6028/NIST.SP.800-53r4">http://dx.doi.org/10.6028/NIST.SP.800-53r4</a>.