SOC 2 (Systems and Organization Controls)
P8.1: Periodic monitoring of privacy compliance

How to fill the requirement

Task: Notification channel for data subjects to report privacy problems
Theme: Privacy
Policy: Informing and data subject requests

This task also fulfils these other requirements:

P8.1: Periodic monitoring of privacy compliance (SOC 2)
1. Task description

The organization has created, and communicated to data subjects, a process through which they can report questions, complaints or disputes related to data protection.

The organization has a documented procedure for handling, resolving and communicating issues that arrive through this channel. Valid issues that arise can be handled, for example, through the general non-conformity management process.

Task: Data protection monitoring and supervision plan
Theme: Privacy
Policy: Security and responsibilities

This task also fulfils these other requirements:

6.6.1: Monitoring and supervision of information security and data protection (Self-monitoring)
12: Monitoring the state of digital security (Sec overview)
P8.1: Periodic monitoring of privacy compliance (SOC 2)
6.8: Practices for access control and usage monitoring of customer and patient information systems (Tietoturvasuunnitelma)
9.2.1: Data protection responsibilities (TISAX)
1. Task description

The organisation must define how the use of personal data is monitored on a regular basis (for example, that data can only be viewed and processed by persons authorised to do so) and how to act if misuse is detected.

Task: Treatment process and documentation of identified non-conformities
Theme: Risk management and leadership
Policy: Risk management

This task also fulfils these other requirements:

10.2: Non-conformity and corrective action (ISO27k1 Full)
23: Incident and non-conformity management process (Sec overview)
CC4.2: Evaluation and communication of internal control deficiencies (SOC 2)
21.4: Non-conformities and corrective actions (NIS2)
P8.1: Periodic monitoring of privacy compliance (SOC 2)
1. Task description

From the point of view of the information security management system, non-conformities are situations in which:

  • the management system does not meet the organisation's security requirements
  • the procedures, tasks or guidelines defined in the management system are not followed in the organisation's day-to-day operations

In systematic security work, all detected non-conformities must be documented. To treat a non-conformity, the organization must identify and implement the improvements that correct it.

Task: Regular, internal review of privacy policies
Theme: Privacy
Policy: Privacy by design and default

This task also fulfils these other requirements:

25. Data protection by design and by default (GDPR)
A.7.2.1: Identify and document purpose (ISO 27701)
TSU-15: Accountability (Julkri)
P8.1: Periodic monitoring of privacy compliance (SOC 2)
1. Task description

The task of the Data Protection Officer (or other responsible person) is to monitor that the General Data Protection Regulation (GDPR) and other data protection requirements are complied with in the organisation's operations.

In making this assessment, the responsible person shall take into account the risk associated with the processing operations and the nature, scope, context and purposes of the processing of personal data.

Task: Regular external auditing of privacy policies
Theme: Privacy
Policy: Privacy by design and default

This task also fulfils these other requirements:

P8.1: Periodic monitoring of privacy compliance (SOC 2)
1. Task description

The organization regularly conducts an external privacy audit. The audit identifies, for example, shortcomings and development needs related to the processing of personal data.
