GV.OC-03:
Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed
Implementation Examples
Ex1:
Determine a process to track and manage legal and regulatory requirements regarding protection of individuals' information (e.g., Health Insurance Portability and Accountability Act, California Consumer Privacy Act, General Data Protection Regulation)
Ex2:
Determine a process to track and manage contractual requirements for cybersecurity management of supplier, customer, and partner information
Ex3:
Align the organization's cybersecurity strategy with legal, regulatory, and contractual requirements