Content library
SOC 2 (Systems and Organization Controls)
P6.4: Obtaining privacy commitments from third parties and assessment of compliance

How to fill the requirement

Task name: Data processing partner listing and owner assignment
Theme: Partner management
Policy: Agreements and monitoring

This task also fulfils these other security requirements:

  • 28. Data processor (GDPR)
  • 44. General principle for transfers (GDPR)
  • 26. Joint controllers (GDPR)
  • 15.1.1: Information security policy for supplier relationships (ISO27 Full)
  • 8.1.1: Inventory of assets (ISO27 Full)
1. Task description

The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.

Task name: Inventory and documentation of data processing agreements
Theme: Privacy
Policy: Data transfer and disclosure

This task also fulfils these other security requirements:

  • 28. Data processor (GDPR)
  • 15.1.2: Addressing security within supplier agreements (ISO27 Full)
  • 13.2.2: Agreements on information transfer (ISO27 Full)
  • A.8.2.4: Infringing instruction (ISO 27701)
  • 5.14: Information transfer (ISO27k1 Full)
1. Task description

The processors of personal data (e.g. providers of data systems, other partners using our employee or customer data) and the agreements related to the processing of personal data have been documented. The documentation includes e.g.:

  • Processor name and location
  • Purpose of processing data
  • Status of agreement

Task name: Partners' data protection commitments and their monitoring
Theme: Privacy
Policy: Security and responsibilities

This task also fulfils these other security requirements:

  • P6.4: Obtaining privacy commitments from third parties and assessment of compliance (SOC 2)
1. Task description

Data protection commitments are collected from partners who process personal data, through which they assure the correct processing of personal data. These commitments may be part of an agreement on the processing of personal data.

The organization itself has also defined operating methods for monitoring these commitments with regard to partners and for taking the necessary measures.
