last sync: 2023-Jan-27 18:40:07 UTC

Azure Policy definition

Implement methods for consumer requests

Name Implement methods for consumer requests
Azure Portal
Id b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_0319 - Implement methods for consumer requests
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 2 compliance controls are associated with this Policy definition 'Implement methods for consumer requests' (b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Operations Security Event Logging Shared n/a Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed. link 53
SOC_2 P5.1 SOC_2_P5.1 SOC 2 Type 2 P5.1 Additional Criteria For Privacy Personal information access Shared The customer is responsible for implementing this recommendation. • Authenticates Data Subjects’ Identity — The identity of data subjects who request access to their personal information is authenticated before they are given access to that information. • Permits Data Subjects Access to Their Personal Information — Data subjects are able to determine whether the entity maintains personal information about them and, upon request, may obtain access to their personal information. • Provides Understandable Personal Information Within Reasonable Time — Personal information is provided to data subjects in an understandable form, in a reasonable time frame, and at a reasonable cost, if any. • Informs Data Subjects If Access Is Denied — When data subjects are denied access to their personal information, the entity informs them of the denial and the reason for the denial in a timely manner, unless prohibited by law or regulation. 2
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
JSON
changes

JSON