The NIST privacy framework refers to the term “current profile” to describe the current state of a company’s privacy program in relation to a specific Subcategory. So, for example, a company might include the following description in its current profile for the following subcategory:
Subcategory | Current Profile |
ID.IM-P1: Systems/products/services that process data are inventoried. | The company maintains a data inventory policy which requires that a data inventory be conducted every 12 months that identifies each system, product, and services that processes personal information. For systems, products, and services that have already been identified, the responsible employee for that system, product, or service is asked to verify the accuracy of the description that is contained within the inventory. |
The NIST privacy framework refers to the term “target profile” to describe the state that the company desires – but has not yet achieved – for its privacy program in the future. So, for example, a company might include the following description in the same subcategories target profile:
Subcategory | Target Profile |
ID.IM-P1: Systems/products/services that process data are inventoried. | The company maintains a data inventory policy which requires that a data inventory be conducted every 12 months that identifies each system, product, and services that processes personal information. For systems, products, and services that have already been identified, the responsible employee for that system, product, or service is asked to verify the accuracy of the description that is contained within the inventory. The company’s data inventory is electronically hosted online and maintains an audit trail of each responsible system owner that has reviewed a system’s description. The inventory automatically identifies when a system has not been reviewed and validated for accuracy within 12 months and triggers a reminder for the system owner to log into the inventory, review the system description, and modify the description as needed for accuracy. |