When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to document PII holdings and map privacy protections back to legal, regulatory, and contractual requirements.
PII inventory
| PII set | Data categories | Purpose | Justification/source requirement | System/location | Owner | Access roles | Supplier/third party | Transfer/jurisdiction | Retention | Controls | Review date |
|---|---|---|---|---|---|---|---|---|---|---|---|
Requirement mapping
| Requirement source | Requirement | Applies to PII set | Control/procedure | Evidence | Owner | Change trigger |
|---|---|---|---|---|---|---|
Related notes
- Template
- Iso27001
- Privacy
- Pii
Note Metadata
Aliases: PII Inventory
Source: 90 Templates/PII Inventory and Privacy Requirements Matrix.md
Related Notes
- Risk Assessment
- ISO 27001 A.5.34 - Privacy and Protection of PII
- A.5.34 Audit Evidence Pack
- ISO 27001 A.8.11 - Data Masking
- A.5 Organizational Controls Implementation Guide
- ISO27001-A.5.34 Privacy and Protection of PII
- GDPR to ISO 27001 Engineering Crosswalk
- EXAM-014 - Records, Privacy, and PII
- ISO 27002 Annex A Control Interpretation Map
- Data Masking Decision Register
- Legal and Contractual Requirements Register
- Templates MOC