CCI-004463
CCI-004463 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if:
- a Senior Accountable Official for Risk Management is appointed.
- a Senior Accountable Official for Risk Management aligns information security and privacy management processes with strategic, operational, and budgetary planning processes.
Validation Procedures
Examine: [SELECT FROM: Information security program plan; privacy program plan; risk management strategy; supply chain risk management strategy; documentation of appointment, roles, and responsibilities of a Senior Accountable Official for Risk Management; documentation of actions taken by the Official; documentation of the establishment, policies, and procedures of a Risk Executive (function)].

Interview: [SELECT FROM: Senior Accountable Official for Risk Management; chief information officer; senior agency information security officer; senior agency official for privacy; organizational personnel with information security and privacy program responsibilities].