Objective: to provide management direction and support for the protection of PII, in accordance with business requirements and the relevant laws and regulations.
Control
An organization involved in the processing of PII shall adopt and apply a policy for the protection of PII.
Implementation guidance for PII protection
The privacy policy should include a statement of support for, and commitment to, compliance with the applicable PII protection laws, contractual requirements and other internal policies (either as a separate privacy policy or as an addition to existing policies).
The topics covered by privacy and security policies may not fully overlap, although they are closely related. An information security policy should address the confidentiality, integrity and availability of information; a privacy policy should, in addition, address topics such as consent and individual access.
ISO/IEC 29100 provides guidance on implementing a privacy framework. The PII protection policy should:
- be appropriate to the purpose of the organization;
- be transparent about the organization's collection and processing of PII;
- provide a framework for setting PII protection objectives;
- provide rules for decision-making on PII protection issues;
- define the privacy risk acceptance criteria (see ISO/IEC 29134, 6.3.1);
- include a commitment to satisfy the applicable privacy protection requirements;
- include a commitment to continual improvement;
- be communicated within the organization; and
- be made available to interested parties, as appropriate.