SOC 2
Privacy Additional Criteria for Privacy
P1.1
The entity provides notice to data subjects about its privacy practices to meet the entity?s objectives related to privacy. The notice is updated and communicated to data subjects in a timely manner for changes to the entity?s privacy practices including changes in the use of personal information to meet the entity?s objectives related to privacy.
Communicates to Data Subjects—Notice is provided to data subjects regarding the following:— Purpose for collecting personal information— Choice and consent— Types of personal information collected— Methods of collection (for example use of cookies or other tracking techniques)— Use retention and disposal— Access— Disclosure to third parties— Security for privacy— Quality including data subjects’ responsibilities for quality— Monitoring and enforcementIf personal information is collected from sources other than the individual such sources are described in the privacy notice.Provides Notice to Data Subjects—Notice is provided to data subjects (1) at or before the time personal information is collected or as soon as practical thereafter (2) at or before the entity changes its privacy notice or as soon as practical thereafter or (3) before personal information is used for new purposes not previously identified.Covers Entities and Activities in Notice —An objective description of the entities and activities covered is included in the entity’s privacy notice.Uses Clear and Conspicuous Language—The entity’s privacy notice is conspicuous and uses clear language.
Click here to Start your FREE trial today!
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- HIPAA
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- NIST-CSF
- CIS Framework Controls V8
Click here to Start your FREE trial today!