last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Update privacy plan, policies, and procedures

Name Update privacy plan, policies, and procedures
Azure Portal
Id 96333008-988d-4add-549b-92b3a8c42063
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_C1807 - Update privacy plan, policies, and procedures
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 18 compliance controls are associated with this Policy definition 'Update privacy plan, policies, and procedures' (96333008-988d-4add-549b-92b3a8c42063)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19 Data Protection & Privacy 19134.05j1Organizational.5-05.j 05.02 External Parties Shared n/a The public has access to information about the organization's security and privacy activities and is able to communicate with its senior security official and senior privacy official. 12
ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Compliance Identification applicable legislation and contractual requirements Shared n/a All relevant legislative statutory, regulatory, contractual requirements and the organization's approach to meet these requirements shall be explicitly identified, documented and kept up to date for each information system and the organization. link 30
ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance Compliance with security policies and standards Shared n/a Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements. link 36
ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Information Security Policies Policies for information security Shared n/a A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties. link 42
ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Information Security Policies Review of the policies for information security Shared n/a The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness. link 29
ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Organization of Information Security Information security roles and responsibilities Shared n/a All information security responsibilities shall be clearly defined and allocated. link 73
ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Context of the organization Information security management system Shared n/a The organization shall establish, implement, maintain and continually improve an information security management system, in accordance with the requirements of this International Standard. link 5
ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership Leadership and commitment Shared n/a Top management shall demonstrate leadership and commitment with respect to the information security management system by: a) ensuring the information security policy and the information security objectives are established and are compatible with the strategic direction of the organization; link 6
ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership Leadership and commitment Shared n/a Top management shall demonstrate leadership and commitment with respect to the information security management system by: b) ensuring the integration of the information security management system requirements into the organization’s processes. link 28
ISO27001-2013 C.5.2.a ISO27001-2013_C.5.2.a ISO 27001:2013 C.5.2.a Leadership Policy Shared n/a Top management shall establish an information security policy that: a) is appropriate to the purpose of the organization. link 4
ISO27001-2013 C.5.2.b ISO27001-2013_C.5.2.b ISO 27001:2013 C.5.2.b Leadership Policy Shared n/a Top management shall establish an information security policy that: b) includes information security objectives (see 6.2) or provides the framework for setting information security objectives. link 4
ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Leadership Policy Shared n/a Top management shall establish an information security policy that: c) includes a commitment to satisfy applicable requirements related to information security. link 23
ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Leadership Policy Shared n/a Top management shall establish an information security policy that: d) includes a commitment to continual improvement of the information security management system. link 23
ISO27001-2013 C.5.2.e ISO27001-2013_C.5.2.e ISO 27001:2013 C.5.2.e Leadership Policy Shared n/a Top management shall establish an information security policy. The information security policy shall: e) be available as documented information. link 4
ISO27001-2013 C.5.2.f ISO27001-2013_C.5.2.f ISO 27001:2013 C.5.2.f Leadership Policy Shared n/a Top management shall establish an information security policy. The information security policy shall: f) be communicated within the organization. link 4
ISO27001-2013 C.5.2.g ISO27001-2013_C.5.2.g ISO 27001:2013 C.5.2.g Leadership Policy Shared n/a Top management shall establish an information security policy. The information security policy shall: g) be available to interested parties, as appropriate. link 1
PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 Requirement 12: Support Information Security with Organizational Policies and Programs PCI DSS compliance is managed Shared n/a Responsibility is established by executive management for the protection of cardholder data and a PCI DSS compliance program to include: • Overall accountability for maintaining PCI DSS compliance. • Defining a charter for a PCI DSS compliance program and communication to executive management. link 5
PCI_DSS_v4.0 3.1.1 PCI_DSS_v4.0_3.1.1 PCI DSS v4.0 3.1.1 Requirement 03: Protect Stored Account Data Processes and mechanisms for protecting stored account data are defined and understood Shared n/a All security policies and operational procedures that are identified in Requirement 3 are: • Documented. • Kept up to date. • In use. • Known to all affected parties. link 3
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 96333008-988d-4add-549b-92b3a8c42063
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
JSON