Classify the following scenario as major or minor non-conformity. “The organization has a very mature information security policy. Lately, the organization has realized the need to focus on protection of PI. A formal PI identification exercise was done for this purpose and a mapping of PI and security controls was done. The organization has also put in place data masking technology in certain functions where the SPI was accessed by employees of a third party. However, the organization is yet to include PI specifically in its risk assessment exercise, incident management, testing, data classification and security architecture programs.”
The entire assessment process, from commencement to submission of the final report to DSCI, must be completed within 2 weeks.
The assessor organization can issue the DSCI certification to the assessee organization if it is satisfied with the assessment outcome.
Certification, once granted, will be valid for a period of _______ years, subject to surveillance assessments.
Classify the following scenario as major or minor non-conformity. “The organization is aware of the PI dealt by it at a broad level based on the business services provided but does not have the detailed view of which business functions, processes or relationships deal with what types of PI including usage, access, transmission, storage, etc.”
What are the two phases of DSCI Privacy Third Party Assessment?