Include an overview of applicable information security controls in the privacy policy, as necessary.


CONTROL ID
13117
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Define what is included in the privacy policy., CC ID: 00404

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • how the entity collects and holds personal information; (Schedule 1 Part 1 Clause 1 Subclause 1.4(b), Australian Privacy Act 1988, Compilation No. 77)
  • Document the controls for the system and environment of operation in security and privacy plans. (TASK S-4, Risk Management Framework for Information Systems and Organizations, A System Life Cycle Approach for Security and Privacy, NIST SP 800-37, Revision 2)
  • The licensee's policies and practices with respect to protecting the confidentiality and security of nonpublic personal information; and (Section 7.A(8), Privacy of Consumer Financial and Health Information Regulation, NAIC MDL-672, Q2 2017)
  • the steps being taken by the state agency to protect the confidentiality and integrity of the information. (§ 203.1(g), New York State Technology Law, Article 2 Internet Security and Privacy Act)