last sync: 2024-Jul-26 18:17:39 UTC

Document process to ensure integrity of PII | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Document process to ensure integrity of PII
Id: 18e7906d-4197-20fa-2f14-aaac21864e71
Version: 1.1.0
Category: Regulatory Compliance
Description: CMA_C1827 - Document process to ensure integrity of PII
Additional metadata:
  Name/Id: CMA_C1827 / CMA_C1827
  Category: Documentation
  Title: Document process to ensure integrity of PII
  Ownership: Customer
  Description: The customer is responsible for documenting processes to ensure the integrity of personally identifiable information (PII) through existing security controls.
  Requirements: The customer is responsible for implementing this recommendation.
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default: Manual; Allowed: Manual, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (1): Microsoft.Resources/subscriptions
Compliance
The following 3 compliance controls are associated with this Policy definition 'Document process to ensure integrity of PII' (18e7906d-4197-20fa-2f14-aaac21864e71)
Control Domain: hipaa
Control: 0943.09y1Organizational.1-09.y
Name: hipaa-0943.09y1Organizational.1-09.y
MetadataId: 0943.09y1Organizational.1-09.y
Category: 09 Transmission Protection
Title: 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services
Owner: Shared
Requirements: n/a
Description: Data involved in electronic commerce and online transactions is checked to determine if it contains covered information.
Policy#: 4

Control Domain: SOC_2
Control: P3.1
Name: SOC_2_P3.1
MetadataId: SOC 2 Type 2 P3.1
Category: Additional Criteria For Privacy
Title: Consistent personal information collection
Owner: Shared
Requirements: The customer is responsible for implementing this recommendation.
Description:
  • Limits the Collection of Personal Information — The collection of personal information is limited to that necessary to meet the entity’s objectives.
  • Collects Information by Fair and Lawful Means — Methods of collecting personal information are reviewed by management before they are implemented to confirm that personal information is obtained (a) fairly, without intimidation or deception, and (b) lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of personal information.
  • Collects Information From Reliable Sources — Management confirms that third parties from whom personal information is collected (that is, sources other than the individual) are reliable sources that collect information fairly and lawfully.
  • Informs Data Subjects When Additional Information Is Acquired — Data subjects are informed if the entity develops or acquires additional information about them for its use.
Policy#: 4

Control Domain: SOC_2
Control: P4.2
Name: SOC_2_P4.2
MetadataId: SOC 2 Type 2 P4.2
Category: Additional Criteria For Privacy
Title: Personal information retention
Owner: Shared
Requirements: The customer is responsible for implementing this recommendation.
Description:
  • Retains Personal Information — Personal information is retained for no longer than necessary to fulfill the stated purposes, unless a law or regulation specifically requires otherwise.
  • Protects Personal Information — Policies and procedures have been implemented to protect personal information from erasure or destruction during the specified retention period of the information.
Policy#: 2
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn
SOC 2 Type 2 | 4054785f-702b-4a98-9215-009cbd58b141 | Regulatory Compliance | GA | BuiltIn
History
Date/Time (UTC ymd) | Change type | Change detail
2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 | add | 18e7906d-4197-20fa-2f14-aaac21864e71