myctrl.tools
Compare

SI-19(1)Collection

>Control Description

De-identify the dataset upon collection by not collecting personally identifiable information.

>Cross-Framework Mappings

SCF

DCH-22.3
Compare
DCH-23.1
Compare

>Supplemental Guidance

If a data source contains personally identifiable information but the information will not be used, the dataset can be de-identified when it is created by not collecting the data elements that contain the personally identifiable information. For example, if an organization does not intend to use the social security number of an applicant, then application forms do not ask for a social security number.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern collection?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to collection issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-19(1) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?

Ask AI

Configure your API key to use AI features.