NIST Privacy Framework – GOVERN-P (GV-P) – Governance Policies, Processes, and Procedures (GV.PO-P)

Control(s)

Category

Governance Policies, Processes, and Procedures (GV.PO-P): The policies, processes, and procedures to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of privacy risk.

 

Subcategory

  • GV.PO-P1: Organizational privacy values and policies (e.g., conditions on data processing such as data uses or retention periods, individuals’ prerogatives with respect to data processing) are established and communicated.
  • GV.PO-P2: Processes to instill organizational privacy values within system/product/service development and operations are established and in place.
  • GV.PO-P3: Roles and responsibilities for the workforce are established with respect to privacy.
  • GV.PO-P4: Privacy roles and responsibilities are coordinated and aligned with third-party stakeholders (e.g., service providers, customers, partners).
  • GV.PO-P5: Legal, regulatory, and contractual requirements regarding privacy are understood and managed.
  • GV.PO-P6: Governance and risk management policies, processes, and procedures address privacy risks.

 

Function

  • GOVERN-P (GV-P)

 


What is the NIST Privacy Framework

The NIST Privacy Framework is a voluntary tool for improving privacy through Enterprise Risk Management, to enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy. The Privacy Framework can support organizations in:

  • Building customers’ trust by supporting ethical decision-making in product and service design or
    deployment that optimizes beneficial uses of data while minimizing adverse consequences for
    individuals’ privacy and society as a whole;
  • Fulfilling current compliance obligations, as well as future-proofing products and services to
    meet these obligations in a changing technological and policy environment; and
  • Facilitating communication about privacy practices with individuals, business partners,
    assessors, and regulators.

Source: https://www.nist.gov/privacy-framework/privacy-framework

Note: NIST and related copyright and trademarks belong to their respective owner(s). This guide is for educational purposes only.

Updated on September 24, 2022