4 hours 7 minutes
Welcome to Lesson two Point to Identiod Business Environment.
So in this video we're going to cover the identify category number two business environment. And look at the three subcategories of the business environment category.
So as you can see here, looking at how to read um the abbreviated element here, I. D. Once again is the function that business environment is, and then B. E. Stands for business environment for uh category. And then as you look at the subcategories we've got P one, P two and P. Three.
Um So there are three subcategories for the business environment category under the identify function.
So the business environment looks at the organization's mission objectives, stakeholders and activities um and that they're understood and prioritized as well as the information is used to inform privacy, roles, responsibilities and risk management decisions.
So in looking at P. One and P. Two and P. Three, something that we're going to focus on is the data processing ecosystem which we're going to get into in the next slide, Um but the organization's role within that data processing ecosystem is going to be identified and communicated.
And then also the organizational mission objectives and activities
for privacy. Risk management are also going to be established by the organization as well as the systems that are helping support those priorities, they're going to be identified and the key requirements are going to be communicated to others in the organization that may be responsible for handling privacy, risk management.
So what we mean when we're talking about the data processing ecosystem, we're really trying to look at the interconnected relationships among entities really that are involved in a certain process or enterprise, um or deploying systems, products or services or any components that are processing data.
So as you can see, sort of in our circle here we've got individuals,
we have civil society developers, business associates or partners, manufacturers. And so something to understand is that you may have different roles within the data processing ecosystem for even possibly different processes within your enterprise.
Um So you may have a service provider that's processing
certain types of personal data on your behalf as we mentioned. ADP in an earlier example, um you may even have marketing partners that are processing personal data on your behalf. Um and you could be the commercial product or service that's listed here.
Um And then in a sense, your business could also be a developer. You may develop products or applications
that are processing data um which would shift what your role is within that data processing ecosystem. So this is something that's constantly changing. It's never a static thing of where you may land in the data processing ecosystem.
Um Maybe your company opens up a new division and you're doing something completely different from what you may do in another division of your company.
That's gonna change where you fall within the data processing ecosystem. So this is something that you want to constantly be cognizant of and looking at to see has something shifted or something changed? Are you a data controller now instead of a data processor or are you both?
Um So really knowing um where you fall within your data processing ecosystem is vitally important.
So one of the resources that's really going to help you um identify sort of what your organizational objectives are, even what your missions are. There's a worksheet that kind of steps through all of those questions to help you identify um what that maybe if it's something that's not already established
in your organization and sat next prime worksheet number one,
framing organizational objectives and privacy governance, as I mentioned before, there is a link for this resource um within the resources section for this course. Um if you want to look for it yourself on this privacy framework website, it will be under the I D dot B E um
Uh either P one or P two or P three. I'm sure you will find the link
for this document, but like I said, I do have a link for within the resources section so that you don't have to go find it on your own.
So we'll do a quick quiz before we move on to the next video in this module.
So true or false. A company's role within the data processing ecosystem is predetermined and the same for every company. One true or to false.
I know you're going to get this right.
So the correct answer is false. If you remember, I said that your role within the data processing ecosystem is never something that's static and it's something that could change based on processes um that are prevalent within your enterprise. Um It also could change from division to division depending on what you're doing.
Um So in some instances you could be the data controller and you could have business partners
that are your processors and in some instances you could be the data processor or you could be both.
So it's something that you're always gonna want to keep in mind and constantly look at to see where your organization may fall within the data processing ecosystem.
So in this video we covered a
the data processing ecosystem and then we also discussed the next plan works number one that helps determine business objectives. So I hope you'll join me as we move into the next video.
NIST 800-53: Introduction to Security and Privacy Controls
This course will provide Executives, Assessors, Analysts, System Administrators and students with the foundational knowledge ...
2 CEU/CPE Hours Available
Certificate of Completion Offered
CIS Top 20 Critical Security Controls
CIS Controls are a prioritized set of actions that protect your organization and data from ...
4 CEU/CPE Hours Available
Certificate of Completion Offered