CUST-19 Privacy Policy


What is CUST-19 Privacy Policy Control?

A “Privacy Policy” is a statement or legal document that states how an organization or website collects, handles, and processes the data of its customers and visitors. It is important to review the policy at least annually and update it. Privacy frameworks require that a notification be sent to customers whenever the policy is updated.

Every organization with a website typically has a “Privacy Policy” available on the website.

Available tools in the marketplace

Tools
No tool recommendations for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

Control implementation

To implement this control:

  1. Work with legal counsel to document the privacy policy.
  2. Review the policy frequently.
  3. For Privacy frameworks and regulations (GDPR, CCPA, ISO 27701, etc.),
    1. Implement a process to send out update notifications to customers whenever the policy is updated.

What evidence do auditors look for?

At a minimum, most auditors look for the following suggested action:

  1. Provide a link to a privacy policy.

For Privacy frameworks and regulations (GDPR, CCPA, ISO 27701, etc.),

  1. Send out update notifications to customers whenever the policy is updated.

Evidence example

For the suggested action, an example is provided below:

  1. Provide a link to the privacy policy.
    Here is an example of the Privacy Policy at TrustCloud.

For Privacy frameworks and regulations (GDPR, CCPA, ISO 27701, etc.),

  1. Upload an example of an email notification of a privacy policy update.
    The following screenshot shows an email notification for the “Privacy Policy” update.
