UNDERSTANDING THE NIST PRIVACY FRAMEWORK
Below is a description of each function within the Privacy Framework, along with a select few examples of a corresponding category and of that category’s respective subcategories:
Identify-P: Develop the organizational understanding to manage privacy risk for individuals arising from data processing.
- Category: Inventory and Mapping: Data processing by systems, products, or services is understood and informs the management of privacy risk.
- Subcategory: Systems/products/services that process data are inventoried (ID.IM-P1); Owners or operators (e.g., the organization or third parties—such as service providers, partners, customers, and developers) and their roles with respect to the systems/products/services and components (e.g., internal or external) that process data are inventoried (ID.IM-P2); Categories of individuals (e.g., customers, employees or prospective employees, consumers) whose data are being processed are inventoried (ID.IM-P3).
Govern-P: Develop and implement the organizational governance structure to enable an ongoing understanding of the organization’s risk management priorities that are informed by…