CMMI官方关于确保客户数据安全和隐私的说明
ISACA致力于确保客户的数据安全和隐私。因此,我们一直关注着可能会对ISACA业务产生影响的法律法规,并采取措施以保护数据安全和隐私。
随着CMMI采用度的持续增长,我们非常乐意就ISACA为了确保遵守《数据安全法》(DSL)和《个人信息保护法》(PIPL)等中国法律法规而采取的保护措施进行交流。
1. 我们更新了 CMMI合作伙伴指南和相关政策,其中包括了处理或转移个人信息以及重要数据时需采取的必要控制措施。
2. 我们将指定一家中国境内代理,以遵守中央网络安全和信息化委员会办公室(CAC)对数据传输的要求。
3. 我们将持续对合作伙伴和主任评估师进行培训并提供建议,以确保个人信息和敏感的重要数据在上传至 CMMI CAS系统之前已被屏蔽、匿名化或移除。ISACA感谢在 CMMI框架和评估生态系统中所有参与者付出的积极努力。
原文:
At ISACA, we strive to ensure the security and privacy of customer data. As part of this effort, we are constantly looking at relevant laws and regulations that could impact the way we conduct business and well as protections to ensure data security and privacy.
As CMMI adoption continues to grow, we would like to communicate what we are doing to ensure we comply with China laws and regulations such as the Data Security Law (DSL) and the Personal Information Protection Law (PIPL).
1. We have updated our CMMI Partner Guide and associated policies to include necessary controls that are needed when processing or transferring personal data as well as ‘important data’.
2. We will be appointing a local agent in China to comply with data transfer requirements of the Cybersecurity Administration of China (CAC).
3. We will continue to educate and advise partners and lead appraisers to ensure personal and sensitive ‘important data’ is masked, anonymized, or removed before adding to the CMMI CAS system.
ISACA appreciates the positive effort given by all participants in the CMMI framework and appraisal ecosystem.