graphgrc

SCF - PRI-05.1 - Internal Use of Personal Data For Testing, Training and Research

Mechanisms exist to address the use of Personal Data (PD) for internal testing, training and research that:

• Takes measures to limit or minimize the amount of PD used for internal testing, training and research purposes; and
• Authorizes the use of PD when such information is required for internal testing, training and research.

  Mapped framework controls

  GDPR

• Art 11.1
• Art 18.1
• Art 18.2
• Art 5.1

ISO 27002

• A.5.33

SOC 2

• P4.1

Control questions

Does the organization address the use of Personal Data (PD) for internal testing, training and research that:

• Takes measures to limit or minimize the amount of PD used for internal testing, training and research purposes; and
• Authorizes the use of PD when such information is required for internal testing, training and research?

This site is open source. Improve this page.