Process Integrity Additional Criteria for Processing Integrity
The entity obtains or generates uses and communicates relevant quality information regarding the objectives related to processing including definitions of data processed and product and service specifications to support the use of products and services.
Identifies Information Specifications—The entity identifies information specifications required to support the use of products and services. Defines Data Necessary to Support a Product or Service—When data is provided as part of a service or product or as part of a reporting obligation related to a product or service:(1) The definition of the data is available to the users of the data(2) The definition of the data includes the following information:— The population of events or instances included in the data— The nature of each element (for example field) of the data (that is the event or instance to which the data element relates for example transaction price of a sale of XYZ Corporation stock for the last trade in that stock on a given day)— Source(s) of the data— The unit(s) of measurement of data elements (for example fields)— The accuracy/correctness/precision of measurement— The uncertainty or confidence interval inherent in each data element and in the population of those elements— The date the data was observed or the period of time during which the events relevant to the data occurred— The factors in addition to the date and period of time used to determine the inclusion and exclusion of items in the data elements and population(3) The definition is complete and accurate.(4) The description of the data identifies any information that is necessary to understand each data element and the population in a manner consistent with its definition and intended purpose (meta-data) that has not been included within the data.
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8