last sync: 2023-Jan-27 18:40:07 UTC

Azure Policy definition

Ensure privacy program information is publicly available

Name Ensure privacy program information is publicly available
Azure Portal
Id 1beb1269-62ee-32cd-21ad-43d6c9750eb6
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_C1867 - Ensure privacy program information is publicly available
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 4 compliance controls are associated with this Policy definition 'Ensure privacy program information is publicly available' (1beb1269-62ee-32cd-21ad-43d6c9750eb6)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Organization of Information Security Information security roles and responsibilities Shared n/a All information security responsibilities shall be clearly defined and allocated. link 73
ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Human Resources Security Terms and conditions of employment Shared n/a The contractual agreements with employees and contractors shall state their and the organization's responsibilities for information security. link 24
ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership Leadership and commitment Shared n/a Top management shall demonstrate leadership and commitment with respect to the information security management system by: c) ensuring that the resources needed for the information security management system are available. link 10
SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Additional Criteria For Privacy Privacy notice Shared The customer is responsible for implementing this recommendation. • Communicates to Data Subjects — Notice is provided to data subjects regarding the following: — Purpose for collecting personal information — Choice and consent — Types of personal information collected — Methods of collection (for example, use of cookies or other tracking techniques) — Use, retention, and disposal — Access — Disclosure to third parties — Security for privacy — Quality, including data subjects’ responsibilities for quality — Monitoring and enforcement • Provides Notice to Data Subjects — Notice is provided to data subjects (1) at or before the time personal information is collected or as soon as practical thereafter, (2) at or before the entity changes its privacy notice or as soon as practical thereafter, or (3) before personal information is used for new purposes not previously identified. • Covers Entities and Activities in Notice — An objective description of the entities and activities covered is included in the entity’s privacy notice. • Uses Clear and Conspicuous Language — The entity’s privacy notice is conspicuous and uses clear language. 5
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 1beb1269-62ee-32cd-21ad-43d6c9750eb6
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
JSON
changes

JSON