AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Document process to ensure integrity of PII | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Document process to ensure integrity of PII
Id 18e7906d-4197-20fa-2f14-aaac21864e71
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1827 - Document process to ensure integrity of PII
Additional metadata Name/Id: CMA_C1827 / CMA_C1827
Category: Documentation
Title: Document process to ensure integrity of PII
Ownership: Customer
Description: The customer is responsible for documenting processes to ensure the integrity of personally identifiable information (PII) through existing security controls.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 3 compliance controls are associated with this Policy definition 'Document process to ensure integrity of PII' (18e7906d-4197-20fa-2f14-aaac21864e71)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 0943.09y1Organizational.1-09.y hipaa-0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 09 Transmission Protection 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services Shared n/a Data involved in electronic commerce and online transactions is checked to determine if it contains covered information. 4
SOC_2 P3.1 SOC_2_P3.1 SOC 2 Type 2 P3.1 Additional Criteria For Privacy Consistent personal information collection Shared The customer is responsible for implementing this recommendation. • Limits the Collection of Personal Information — The collection of personal information is limited to that necessary to meet the entity’s objectives. • Collects Information by Fair and Lawful Means — Methods of collecting personal information are reviewed by management before they are implemented to confirm that personal information is obtained (a) fairly, without intimidation or deception, and (b) lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of personal information. • Collects Information From Reliable Sources — Management confirms that third parties from whom personal information is collected (that is, sources other than the individual) are reliable sources that collect information fairly and lawfully. • Informs Data Subjects When Additional Information Is Acquired — Data subjects are informed if the entity develops or acquires additional information about them for its use. 4
SOC_2 P4.2 SOC_2_P4.2 SOC 2 Type 2 P4.2 Additional Criteria For Privacy Personal information retention Shared The customer is responsible for implementing this recommendation. • Retains Personal Information — Personal information is retained for no longer than necessary to fulfill the stated purposes, unless a law or regulation specifically requires otherwise. • Protects Personal Information — Policies and procedures have been implemented to protect personal information from erasure or destruction during the specified retention period of the information. 2
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 18e7906d-4197-20fa-2f14-aaac21864e71
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC