GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed
Ex1: Determine a process to track and manage legal and regulatory requirements regarding protection of individuals’ information (e.g., Health Insurance Portability and Accountability Act, California Consumer Privacy Act, General Data Protection Regulation)
Ex2: Determine a process to track and manage contractual requirements for cybersecurity management of supplier, customer, and partner information
Ex3: Align the organization’s cybersecurity strategy with legal, regulatory, and contractual requirements
Description
Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed