1713.03c1Organizational.3-03.c 03.01 Risk Management Program
The organization mitigates any harmful effect that is known to the organization of a use or disclosure of sensitive information (e.g., PII) by the organization or its business partners, vendors, contractors, or similar third-parties in violation of its policies and procedures.
The customer is responsible for implementing this recommendation.
• Ensures Accuracy and Completeness of Personal Information — Personal information
is accurate and complete for the purposes for which it is to be used.
• Ensures Relevance of Personal Information — Personal information is relevant to
the purposes for which it is to be used.