NIST Privacy Framework – IDENTIFY-P (ID-P) – Inventory and Mapping (ID.IM-P)

Requirement(s)

Category

Inventory and Mapping (ID.IM-P): Data processing by systems, products, or services is understood and informs the management of privacy risk.

Subcategory

  • ID.IM-P1: Systems/products/services that process data are inventoried.
  • ID.IM-P2: Owners or operators (e.g., the organization or third parties such as service providers, partners, customers, and developers) and their roles with respect to the systems/products/services and components (e.g., internal or external) that process data are inventoried.
  • ID.IM-P3: Categories of individuals (e.g., customers, employees or prospective employees, consumers) whose data are being processed are inventoried.
  • ID.IM-P4: Data actions of the systems/products/services are inventoried.
  • ID.IM-P5: The purposes for the data actions are inventoried.
  • ID.IM-P6: Data elements within the data actions are inventoried.
  • ID.IM-P7: The data processing environment is identified (e.g., geographic location, internal, cloud, third parties).
  • ID.IM-P8: Data processing is mapped, illustrating the data actions and associated data elements for systems/products/services, including components; roles of the component owners/operators; and interactions of individuals or third parties with the systems/products/services.

 

Function

  • IDENTIFY-P (ID-P)

What is the NIST Privacy Framework

The NIST Privacy Framework is a voluntary tool for improving privacy through Enterprise Risk Management, to enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy. The Privacy Framework can support organizations in:

  • Building customers’ trust by supporting ethical decision-making in product and service design or
    deployment that optimizes beneficial uses of data while minimizing adverse consequences for
    individuals’ privacy and society as a whole;
  • Fulfilling current compliance obligations, as well as future-proofing products and services to
    meet these obligations in a changing technological and policy environment; and
  • Facilitating communication about privacy practices with individuals, business partners,
    assessors, and regulators.

Source: https://www.nist.gov/privacy-framework/privacy-framework

Note: NIST and related copyright and trademarks belong to their respective owner(s). This guide is for educational purposes only.

Updated on September 24, 2022