myctrl.tools
Compare

SI-18(4)Individual Requests

PRIVACY

>Control Description

Correct or delete personally identifiable information upon request by individuals or their designated representatives.

>Cross-Framework Mappings

SCF

DCH-22.1
Compare
PRI-06
Compare
PRI-06.1
Compare

>Supplemental Guidance

Inaccurate personally identifiable information maintained by organizations may cause problems for individuals, especially in those business functions where inaccurate information may result in inappropriate decisions or the denial of benefits and services to individuals. Even correct information, in certain circumstances, can cause problems for individuals that outweigh the benefits of an organization maintaining the information. Organizations use discretion when determining if personally identifiable information is to be corrected or deleted based on the scope of requests, the changes sought, the impact of the changes, and laws, regulations, and policies.

Organizational personnel consult with the senior agency official for privacy and legal counsel regarding appropriate instances of correction or deletion.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern individual requests?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to individual requests issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-18(4) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?

Ask AI

Configure your API key to use AI features.