myctrl.tools
Compare

SI-18(5)Notice Of Correction Or Deletion

>Control Description

Notify organization-defined recipients of personally identifiable information and individuals that the personally identifiable information has been corrected or deleted.

>Cross-Framework Mappings

SCF

DCH-22.1
Compare
PRI-06.1
Compare
PRI-06.2
Compare

>Supplemental Guidance

When personally identifiable information is corrected or deleted, organizations take steps to ensure that all authorized recipients of such information, and the individual with whom the information is associated or their designated representatives, are informed of the corrected or deleted information.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern notice of correction or deletion?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to notice of correction or deletion issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-18(5) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?

Ask AI

Configure your API key to use AI features.