SOC 2 (Systems and Organization Controls)
P6.1: Disclosure of personal information to third parties with consent of the data subjects

How to fill the requirement


Task: Listing of non-recurring data disclosures and contractual commitment to informing them to customers

Theme: Privacy
Policy: Informing and data subject requests

This task also fulfils these other security requirements:

- A.6.1: PII disclosure notification (ISO 27018)
- A.6.2: Recording of PII disclosures (ISO 27018)
- A.6: Use, retention and disclosure limitation (ISO 27018)
- A.8.5.1: Basis for PII transfer between jurisdictions (ISO 27701)
- A.8.5.4: Notification of PII disclosure requests (ISO 27701)
1. Task description

The organization must have clear procedures for situations where it is required by law to disclose personal information to the authorities. In addition, a list must be kept of these individual data disclosures.

The organization shall pay particular attention to communicating these situations, and to the timing of that communication, to the customers concerned, unless doing so is illegal due to, for example, an ongoing investigation or other legal matter.

These practices must be describable to interested customers upon request. Procedures and reporting obligations must be described, e.g. in the contracts for the offered digital services.

Task: Documentation of data disclosures for data stores

Theme: Privacy
Policy: Data transfer and disclosure

This task also fulfils these other security requirements:

- 30. Records of processing activities (GDPR)
- 28. Data processor (GDPR)
- 12. Transparent information, communication and modalities for the exercise of the rights of the data subject (GDPR)
- A.6.2: Recording of PII disclosures (ISO 27018)
- A.7.3.7: PII controllers' obligations to inform third parties (ISO 27701)
1. Task description

The data in a data store are, in principle, available only to that controller and under the same responsibility. If you pass data on to another organization for other use, you must clearly inform about this and state, e.g., the recipient of the transfer and the legal basis.
