CCI-003513
CCI-003513 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed will complete a Privacy Impact Assessment (PIA) for any information system that uses PII for testing and implement the identified controls.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the PIA for all information systems using PII for testing to ensure the PIA is completed and approved. The organization conducting the inspection/assessment inspects the information system to ensure the organization being inspected/assessed has properly implemented the controls identified in the PIA to protect PII.
Compelling Evidence
1.) Site must produce a signed PIA document for any site's information system(s) that uses PII for testing. 2.) Reviewer will verify that the documentation exists. 3.) Reviewer will verify and examine that the PIA for all information systems using PII for testing is created, completed, maintained and approved. 4.) Reviewer will verify that the PIA describes and identifies controls and how they are implemented. 5.) Reviewer must validate that the site properly implements controls identified in the PIA to insure PII is protected when used for testing.