CCI-003424

The organization's privacy risk management process assesses the privacy risk to individuals resulting from the disposal of personally identifiable information (PII).

Implementation Guidance

The organization being inspected/assessed documents a privacy risk management process which assesses the privacy risk to individuals resulting from the disposal of PII. (http://iatraining.disa.mil/eta/piiv2/launchPage.htm)

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented privacy risk management process which assesses the privacy risk to individuals resulting from the disposal of PII. (http://iatraining.disa.mil/eta/piiv2/launchPage.htm)

Compelling Evidence

Supply documentation that refers to privacy risk management process which assesses the privacy risk to individuals resulting from the collection of PII. (http://iatraining.disa.mil/eta/piiv2/launchPage.htm)

The controls below (if any) were marked by NIST as being related to CCI-003424.