IVI Framework Viewer

Governance, Management, and Oversight

Capability Building Blocks

A1 Strategy, Policies, and Controls
Establish a strategy for protecting personal data. Design, develop, and maintain personal data protection policies and controls that comply with relevant data protection standards, regulations, and laws, and that align with the organization's business model and objectives. Promote and drive personal data protection compliance.
A2 Supplier Management
Define personal data protection qualification criteria for identifying and validating suppliers, and select suppliers who are committed to observing the organization's personal data protection obligations. Draft and agree the data processor contract, and manage contract compliance with the suppliers.
A3 Monitoring, Reporting, and Enforcement
Establish appropriate measures for enforcing compliance and monitoring and reporting non-compliance with personal data protection policies, and for taking remedial action where necessary. Drive improvements based on lessons learned from incidents (e.g. data breaches and inappropriate or unauthorized data access) and near-incidents.