SI-18(1) Automation Support

>Control Description

Correct or delete personally identifiable information that is inaccurate or outdated, incorrectly determined regarding impact, or incorrectly de-identified using organization-defined automated mechanisms.

>Supplemental Guidance

The use of automated mechanisms to improve data quality may inadvertently create privacy risks. Automated tools may connect to external or otherwise unrelated systems, and the matching of records between these systems may create linkages with unintended consequences. Organizations assess and document these risks in their privacy impact assessments and make determinations that are in alignment with their privacy program plans.

As data is obtained and used across the information life cycle, it is important to confirm the accuracy and relevance of personally identifiable information.

Automated mechanisms can augment existing data quality processes and procedures and enable an organization to better identify and manage personally identifiable information in large-scale systems. For example, automated tools can greatly improve efforts to consistently normalize data or identify malformed data. Automated tools can also be used to improve the auditing of data and detect errors that may incorrectly alter personally identifiable information or incorrectly associate such information with the wrong individual.

Automated capabilities backstop processes and procedures at-scale and enable more fine-grained detection and correction of data quality errors.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern automation support?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to automation support issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-18(1) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
