CIPM Questions and Answers Already Passed

CIPM Questions and Answers Already Passed Proactive privacy management is accomplished through three tasks 1) Define your organization's privacy vision and privacy mission statements 2) Develop privacy strategy 3) Structure your privacy team This is needed to structure responsibilities with business goals Strategic Management Identifies alignment to organizational vision and defines the privacy leaders for an organization, along with the resources necessary to execute the vision. Strategic Management model Member of the privacy team who may be responsible for privacy program framework development, management and reporting within an organization Privacy professional Strategic management of privacy starts by creating or updating the company's vision and mission statement based on privacy best practice Privacy best practices 1) Develop vision and mission statement objectives 2) define privacy program scope 3)identify legal and regulatory compliance challenges 4) identify organization personal information legal requirements This key factor that lays the groundwork for the rest of the privacy program elements and is typically comprised of a short sentence or two that describe the purpose and ideas in less than 30 seconds. Vision or mission statement This explains what you do as an organization, not who you are; what the organization stands for and why what you do an an organization to protect personal information is done Mission Statement What are the steps in the five step metric cycle Identify, Define, Select, Collect, Analyze The first step in the selecting the correct metrics starts by what? Identifying the intended metric audience The primary audience for metrics may include Legal and privacy officers, senior leadership; CIO, CSO, PM, Information Systems Owner (ISO), Information Security Officer (ISO), Others considered users and managers The secondary audience includes those who may not have privacy as a primary task include CFO, Training organizations, HR, IG, HIPPA security officials The tertiary audiences may be considered, based on the organization's specific or unique requirements such as who? External watch dog groups, Sponsors, Stockholders The difference between metrics audiences is based on what? Level of interest, influence and responsibility to privacy within the business objectives, laws and regulations, or ownership Specific to Healthcare metrics, audiences may include whom? HIPPA privacy officers, medical interdisciplinary readiness teams (MIRTs), senior executive staff, covered entity workforce, self assessment tool and risk analysis/management What is the second step in the metric life cycle? Define Reporting Procedures A metric owner must be able to do what? Evangelize the purpose and intent of that metric to the organization This person is the process owner, champion, advocate and evangelist responsible for management of the metric throughout the metric life cycle Metric Owner As Six Sigma teaches, an effective metric owner must do what? 1) Know what is critical about the metric, 2) Monitor process performance with the metric, 3) Make sure the process documentation is up to date, 4) Perform regular reviews, 5) Make sure that any improvements are incorporated and maintained in the process, 6) Advocate the metric to customers, partners and others, 7) Maintain training, documentation, and materials As a general practice, who should not perform the data collection tasks or perform the measurements of the metric? Metric Owner What is the third step in the metric life cycle Select Privacy Metrics Selecting the correct privacy metric requires what? Full understanding of the business objectives and goals, along with a clear understanding of the primary business functions. Prior to selecting metrics, the reader should first understand what? Attributes of an effective metric with metric taxonomy and how to limit improper metrics