Description: In-depth, comprehensive, professionally developed Privacy Program Plan (PPP) that includes documentation on all essential subject matter relating to addressing organization-wide privacy risks for information (i.e., PII, PHI, CUI, etc.) being collected, used, shared & disclosed, stored, protected, retained, and disposed of as required by PM-18 of NIST SP 800-53, Revision 5. Note: It is highly recommended to purchase the additional supporting documents within the Program Management (PM) family to allow for complete coverage of all controls within PM-1 to PM-32.
The Privacy Program Plan includes the following sections:
Privacy Program Plan Overview
Privacy Program Foundational Principles
Privacy by Design Requirement
Fair Information Practice Principles
Privacy Roles and Responsibilities
Privacy Laws, Rules, Regulations, and Notice
Privacy (International and U.S.)
Rules and Regulations
Privacy Rights to Individuals
Personally Identifiable Information (PII)
Types of PII (PII, PHI, PIFI, etc.)
Authority to Process PII
PII Processing Purposes
System of Records Notice
Minimizing the Collection of PII
Handling and Transmitting PII
Privacy Impact Assessment (PIA) Requirements
Breach Prevention and Incident Response
Breach Response Plan
Core Response Group
Incident Response Personnel
Awareness and Training
Advanced Privacy Training
Rules of Behavior and Accountability
New Employee Orientation Training
Contractors and Third-Parties
Specifications: Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.
Control Family: Program Management (PM).
Security Control Baseline Coverage: Includes coverage for all LOW, MOD, and HIGH Baselines, per NIST SP 800-53B (12-10-2020).
Direct Compliance Use: FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can be used for mapping to DFARS NIST 800-171 and CMMC controls, where applicable.