4 hours 7 minutes
Welcome to module three of 10 missed privacy framework core govern.
So looking at the course outline, we've now gone through the introduction, we've completed module one, which is an overview of this privacy framework and we've gone through module to which was in this private privacy framework core, identify. And we now move into module three where we're going through this privacy framework core govern.
So welcome to less than 3.1. Govern governance policies, processes and procedures.
So the learning objectives for this video are to look at the government function description, go through the government function, category number one governance policies, procedures and processes and then to look at the resources.
So in the new function that we're looking at now, which is the second function under uh this privacy framework, um The government function is focused on looking at the development and implementation of the organizational governance structure to enable an ongoing understanding of the organizations
risk management, priorities that are informed by privacy risk.
So really what this is focusing on is ensuring that you have proper documentation in place from policies, processes and procedures. They're gonna govern um your privacy risk management framework um as well as looking at roles and responsibilities that
um will be managing your privacy risk management framework.
So in looking at the sub categories P one through P six, that's really what this is focused on, is making sure that you have policies, processes and procedures to manage and monitor the organizations, regulatory, legal risk, environmental and operational requirements and knowing that they're understood
and informing the management of privacy risk.
So you're gonna want to make sure that you have policies on data processing um uh that include things as such as like data uses and retention periods, um as well as ensuring that processes are in place to instill organizational privacy values within your systems, products, services,
um development and operations
and then ensuring that roles and responsibilities for the workforce are established with respect to privacy
and that privacy roles and responsibilities are coordinated in line with third party stakeholders such as service providers, customers and partners, as well as looking at your legal, regulatory, regulatory and contractual requirements regarding privacy and making sure that those are understood and managed and having a governance structure in place
um for your risk management, policies, processes, procedures to address privacy risk.
So when doing all this, it's really building your privacy framework structure. That's going to manage this privacy program as well as the privacy risks. So whether you choose um having a D. P. O. Within your organization or this is going to be managed by a committee with a different personnel from various business functions.
It's up to you how you choose that governance structure, um that's going to manage your privacy risk management program as well as making sure that you have the requisite policies, processes and procedures in place um on how to manage your privacy risk, who is conducting the risk assessments and having a process or procedure in place for that. Um And possibly even having dedicated privacy personnel,
you may or may not have the resources for that or it may be that you have people that serve a dual purpose that are doing
that have other roles and responsibilities, but also have a privacy role.
So you're really gonna want to look at the bandwidth and the resources within your organization to help determine the structure and create your policies, processes and procedures.
Um and the whole point of building really this governance structure is for accountability. You want to make sure everyone uh from individuals at the senior executive level, all the way down to those that may have an implementation or operations role,
um understand what their role is within the privacy risk management framework,
um and how they're going to work together. Um Having that governance structure allows there to be collaboration amongst different levels of people within your organization and make sure that everyone is accountable um for what their role is and being able to communicate what their role is or what the organization stands on privacy risk management is.
So as you can see here from the chart, we show that, you know, the senior executive level, um it's really their responsibility to express the mission um showing what the risk tolerances are, the privacy values, communicating the budget to other functions for what
um their budget is for creating privacy risk management programs as well as accepting or declining those risk decisions um at the business process or manager level, they may have the responsibility for developing the profiles that we mentioned before, both current and target, which we will get into in a later module. Um They would also be responsible for allocating the budget that the senior executive level creates
and informing others um sort of of what the policies, processes and procedures are. And then finally at that implementation or operations level, they'd be responsible for implementing the profiles that are developed by the business process and manager uh managers
as well as monitoring progress and they would actually be the ones conducting the privacy risk assessments.
Um So breaking it down in this context allows you to be able to see at each level of the organization, how each level um is accountable to the other as well as what part they play in the privacy risk management program.
So there is a resource um you did use this in the identify function. Business environment category, but it can also be utilized for the govern um govern policies, processes and procedures category here to help you determine
um really what policies are processes or procedures you need to create as well as what governance structure that you're looking for to sort of govern your program. So the same worksheet can be used for that. It's something you may even want to do in conjunction together. Um Typically when people are building out their current profile,
typically the identify and govern function or two of the areas they're going to focus on
because you're trying to see what components you may already have in place and how possibly you want uh to build out your program. So this worksheet is really valuable in helping you determine that.
So in this video we review the subcategories of the governance policies, processes and procedures category. We discussed how accountability is a key privacy principle, and then we discussed in this prime worksheet number one and how it's a valuable resource. So I hope you'll join me as we move into the next video.
NIST 800-53: Introduction to Security and Privacy Controls
This course will provide Executives, Assessors, Analysts, System Administrators and students with the foundational knowledge ...
2 CEU/CPE Hours Available
Certificate of Completion Offered
CIS Top 20 Critical Security Controls
CIS Controls are a prioritized set of actions that protect your organization and data from ...
4 CEU/CPE Hours Available
Certificate of Completion Offered