Critical business processes and sensitive data are compromised due to flawed monitoring and audit process.
The organization monitors and audits privacy controls and internal privacy policy [Assignment: organization-defined frequency] to ensure effective implementation.
Privacy controls are subject to periodic review and inspection by a neutral internal department or other.
No statewide control
Obtain data privacy policy and procedures; other relevant documents or records and ascertain if the organization has implemented mechanisms to monitor and audit privacy related controls and internal privacy policy on a periodic basis to ensure effective implementation.