Manage the Privacy Management library

  • Release version: Washingtondc
  • Updated February 1, 2024
  The Privacy Management library consists of authority documents, citations, control objectives, policies, and [PI] Information objects that help you manage privacy content.

    Authority documents

    Authority documents are the principles, guidelines, regulations, standards, and frameworks that organizations must comply with. Some examples of authority documents are:
    • Statutes (Bills or Acts)
    • Regulations
    • Audit Guidelines
    Organizations can either create the authority documents, citations, and control objectives or they can download and import them from a third-party provider such as the Network Frontiers Unified Compliance Framework (UCF).

    Citations

    Citations are records with the specific requirements cited by an authority document. A citation relates an authority document to its applicable controls. Each citation has control objectives.

    Policies

    Policies include control objectives. Policies can also be associated with authority documents. Policies are published and regularly updated with incremented versions. For more information on policies, refer to Policy and Compliance Management.

    Risk statements

    Using risk statements, you can create a central risk register to manage potential privacy risks that may occur at any time and anywhere in an organization.

    Privacy assessments

    Privacy assessments are used to collect information from business owners. This information helps the privacy teams to understand how personal information (PI) is being used or stored in a processing activity.

    Risk assessments

    The risk assessments capability enables you to determine the organizational privacy risk posture using criticality and privacy risk assessments.

    PI Information objects

    [PI] Information objects refer to information objects that are of type Personal information. To understand the benefit of using information objects in the Privacy Management solution, refer to Information objects in Privacy Management. Maintaining a library of [PI] Information objects and associating them with the processing activities helps the privacy teams to understand what personal information (PI) is being processed by the processing activity.

    Only the information objects that are tagged with the Personal information tag are available to be added to a processing activity. For more information on how to tag information objects, see Tag an information object with personal information.