In this task you are asked to describe a specific control defined and implemented in your organisation, which is in scope for this assessment. You’ll see the name of the control area in question in the header (e.g. “Data processor instructions from the data controller”).
In the task-message field in the upper left corner you’ll see what control you are asked to describe in this task.
An example of a Control could be: “Describe how it is ensured that data processors only process data under instructions from data controllers and attach the procedure that supports the control”
Write your response in the Control description field. Your response could be: “Personal data is only processed according to directions from the Data Controller.”
After you’ve described the control you must attach the policy or procedure that you have in place to ensure the control is adequately implemented. You can drag and drop the document or click on the green link in the attachment field.
Documentation collection chat
If you have any questions or need to send a message to your auditor (or the task responsible), you can write your comment in the Documentation collection chat and press “send”. you will get an e-mail notification when you receive an answer back – the answer will appear in the box below.
You can either “Save without complete” if you are waiting on a response or need to come back to this task later – or you can press “Complete” and continue to the next task.