SOC 2 (Systems and Organization Controls)
P7.1: Collection and maintainment of accurate and relevant personal information

How to fill the requirement

Task name: Ensuring and documenting the accuracy of personal data
Theme: Privacy
Policy: Privacy by design and default

This task also fulfils these other security requirements:

A.7.4.3: Accuracy and quality (ISO 27701)
TSU-12: Accuracy (Julkri)
P7.1: Collection and maintainment of accurate and relevant personal information (SOC 2)

1. Task description

The organization should have a process for regularly assessing the accuracy and correctness of personal data, making necessary updates, and notifying data recipients of corrections.

The more important the accuracy of the information is, the more measures the controller must take to ensure the correctness of the information. Ensuring the correctness of the information is particularly important when decisions relevant to the individual are made on the basis of personal information. In this case, inaccurate and incorrect information can seriously endanger the data subject's rights (e.g. lead to incorrect treatment decisions).

Task name: Reviewing the execution of data minimisation
Theme: Privacy
Policy: Privacy by design and default

This task also fulfils these other security requirements:

A.7.4.1: Limit collection (ISO 27701)
TSU-10: Data minimisation (Julkri)
P7.1: Collection and maintainment of accurate and relevant personal information (SOC 2)

1. Task description

The organization should limit the collection of personal data to the minimum level that is essential and necessary for the purpose of processing the personal data collected.

Adherence to this principle should be verified regularly across all processing by comparing the documentation of the management system (e.g. the purposes of use of the data) with the personal data the organization actually holds.
