AzPolicyAdvertizer

last sync: 2023-Dec-06 18:52:29 UTC

Azure Policy definition

Make accounting of disclosures available upon request | Regulatory Compliance - Operational

Source

Azure Portal

Display name

Make accounting of disclosures available upon request

d4f70530-19a2-2a85-6e0c-0c3c465e3325

Version

1.1.0
Details on versioning

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1820 - Make accounting of disclosures available upon request

Additional metadata

Name/Id: CMA_C1820 / CMA_C1820
Category: Operational
Title: Make accounting of disclosures available upon request
Ownership: Customer
Description: The customer is responsible for making the accounting of disclosures available to the person named in the record upon request.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)
Microsoft.Resources/subscriptions

Compliance

The following 2 compliance controls are associated with this Policy definition 'Make accounting of disclosures available upon request' (d4f70530-19a2-2a85-6e0c-0c3c465e3325)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
hipaa	1902.06d1Organizational.2-06.d	hipaa-1902.06d1Organizational.2-06.d	1902.06d1Organizational.2-06.d	19 Data Protection & Privacy	1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements	Shared	n/a	When required, consent is obtained before any PII (e.g., about a client/customer) is emailed, faxed, or communicated by telephone conversation, or otherwise disclosed to parties external to the organization.		11
SOC_2	P6.7	SOC_2_P6.7	SOC 2 Type 2 P6.7	Additional Criteria For Privacy	Accounting of disclosure of personal information	Shared	The customer is responsible for implementing this recommendation.	• Identifies Types of Personal Information and Handling Process — The types of personal information and sensitive personal information and the related processes, systems, and third parties involved in the handling of such information are identified. • Captures, Identifies, and Communicates Requests for Information — Requests for an accounting of personal information held and disclosures of the data subjects’ personal information are captured and information related to the requests is identified and communicated to data subjects to meet the entity’s objectives related to privacy.		5

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn
SOC 2 Type 2	4054785f-702b-4a98-9215-009cbd58b141	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29	add	d4f70530-19a2-2a85-6e0c-0c3c465e3325

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC