PRI-14: Documenting Data Processing Activities

PRI-14 · Documenting Data Processing Activities

Control Description

Mechanisms exist to document Personal Data (PD) processing activities that cover collecting, receiving, processing, storing, transmitting, updating, sharing and disposal actions with sufficient detail to demonstrate conformity with applicable statutory, regulatory and contractual requirements.

Control Question

Assessment question for control validation

Does the organization document Personal Data (PD) processing activities that cover collecting, receiving, processing, storing, transmitting, updating, sharing and disposal actions with sufficient detail to demonstrate conformity with applicable statutory, regulatory and contractual requirements?

Control Weighting

Validation Cadence

Semi-Annual

NIST CSF Function

Identify

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 2 - Operational

Tier 3 - Tactical

Core Control Designations

Special designations and baseline inclusions

MAD: PRI-14

AI Model: PRI-14

Additional Metadata

Applicability (Process):