last sync: 2024-May-27 19:38:21 UTC

Make SORNs available publicly | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Make SORNs available publicly
Id f3c17714-8ce7-357f-4af2-a0baa63a063f
Version 1.1.0
Category Regulatory Compliance
Description CMA_C1865 - Make SORNs available publicly
Additional metadata Name/Id: CMA_C1865 / CMA_C1865
Category: Operational
Title: Make SORNs available publicly
Ownership: Customer
Description: The customer is responsible for publishing System of Records Notices (SORNs) on its public website.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
The following 3 compliance controls are associated with this Policy definition 'Make SORNs available publicly' (f3c17714-8ce7-357f-4af2-a0baa63a063f)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| hipaa | 1906.06.c1Organizational.2-06.c | hipaa-1906.06.c1Organizational.2-06.c | 1906.06.c1Organizational.2-06.c | 19 Data Protection & Privacy | 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements | Shared | n/a | The organization documents compliance with the notice requirements by retaining copies of the notices issued by the organization for a period of six years and, if applicable, any written acknowledgements of receipt of the notice or documentation of good faith efforts to obtain such written acknowledgement. | | 4 |
| hipaa | 1907.06.c1Organizational.3-06.c | hipaa-1907.06.c1Organizational.3-06.c | 1907.06.c1Organizational.3-06.c | 19 Data Protection & Privacy | 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements | Shared | n/a | The organization documents restrictions in writing and formally maintains such writing, or an electronic copy of such writing, as an organizational record for a period of six years. | | 4 |
| hipaa | 1908.06.c1Organizational.4-06.c | hipaa-1908.06.c1Organizational.4-06.c | 1908.06.c1Organizational.4-06.c | 19 Data Protection & Privacy | 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements | Shared | n/a | The organization documents and maintains (i) designated record sets that are subject to access by individuals, and (ii) titles of the persons or office responsible for receiving and processing requests for access by individuals as organizational records for a period of six years. | | 11 |
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn |
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0) |
| 2022-09-19 17:41:40 | add | f3c17714-8ce7-357f-4af2-a0baa63a063f |