CIPM Sustain Flashcards
1
Q
3 sustain elements
A
- monitor continuously
- audit
- communicate
2
Q
Things a Privacy Professional needs to monitor:
A
- ID gaps in privacy program
- changes in legislative/regulatory framework and update policy
- compliance/risk monitoring
- environmental monitoring: data loss prevention (DLP) (including contractors and CSPs)
3
Q
Forms of monitoring
A
- active (IT) scanning tools for DLP
- audit
- breach monitoring, detection, notification
- complaint monitoring
- data management/retention strategies
- dashboards
- control-based monitoring
- employee/visitor entry/exit strategy
- monitor external conditions
- monitor internal conditions
- regulatory-based monitoring
4
Q
How does a Privacy Professional audit for risk management?
A
Check whether data processing is carried out in accordance with the organisation's policies and procedures at the systems level, operational level, process level, and people level.
5
Q
What are the 5 steps of a privacy audit?
A
- planning
- preparation
- actual audit
- report to stakeholders
- follow up monitoring
6
Q
3 categories of privacy audits
A
1) 1st party (internal): This is a self-evaluation.
2) 2nd party (EU): This ensures a supplier or sub-contractor meets documented requirements.
3) 3rd party (external)
7
Q
What should a Privacy Professional communicate to contractors, vendors, and the workforce?
A
- create awareness of privacy program internally and externally (training, brand marketing)
- ensure flexibility, communicate changes
- ID documents requiring updates as the privacy program changes: policies (internal) and notices (external)
- targeted employee, management, contractor training