
Approve and sign the Statement of Compliance.


CONTROL ID: 12392
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Statement of Compliance. (CC ID: 12499)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Review and sign-off of results by personnel assigned responsibility for the PCI DSS compliance program. (12.4.2.1 Bullet 3, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Review and sign-off of results by personnel assigned responsibility for the PCI DSS compliance program. (12.4.2.1 Bullet 3, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Where the organization has chosen self-assessment, such verification must demonstrate that its privacy policy regarding personal information received from the EU is accurate, comprehensive, readily available, conforms to the Principles, and is completely implemented (i.e., is being complied with). I… (III.7.c., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization has chosen outside compliance review, such verification must demonstrate that its privacy policy regarding personal information received from the EU is accurate, comprehensive, readily available, conforms to the Principles, and is completely implemented (i.e., is being complie… (III.7.d., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization has chosen outside compliance review, such a review must demonstrate that its privacy policy regarding personal information received from the EU conforms to the Privacy Shield Principles, that it is being complied with, and that individuals are informed of the mechanisms throu… (§ III.7.d., EU-U.S. Privacy Shield Framework Principles)
  • Where the organization has chosen self-assessment, such verification must demonstrate that its privacy policy regarding personal information received from Switzerland is accurate, comprehensive, readily available, conforms to the Principles, and is completely implemented (i.e., is being complied wit… (iii.7.c., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization has chosen outside compliance review, such verification must demonstrate that its privacy policy regarding personal information received from Switzerland is accurate, comprehensive, readily available, conforms to the Principles, and is completely implemented (i.e., is being co… (iii.7.d., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization has chosen self-assessment, such verification must demonstrate that its privacy policy regarding personal information received from the EU is accurate, comprehensive, readily available, conforms to the Principles, and is completely implemented (i.e., is being complied with). I… (III.7.c., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization has chosen outside compliance review, such verification must demonstrate that its privacy policy regarding personal information received from the EU is accurate, comprehensive, readily available, conforms to the Principles, and is completely implemented (i.e., is being complie… (III.7.d., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Such certification or acknowledgment shall be submitted electronically in the form set forth on the department's website and shall be signed by the covered entity's highest-ranking executive and its CISO. If the covered entity does not have a CISO, the certification or acknowledgment shall be signed… (§ 500.17 Notices to Superintendent (b)(2), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies, Second Amendment)