How do Administrative Controls demonstrate “due care”?
Administrative controls consist of approved written policies, procedures, standards and guidelines. Administrative controls form the basis for the selection and implementation of logical and physical controls. Logical and physical controls are manifestations of administrative controls. Some industry sectors have policies, procedures, standards and guidelines that must be followed – the Payment Card Industry (PCI) Data Security Standard required by Visa and Master Card is such an example. Other examples of administrative controls include the corporate security policy of Gramm-Leach-Bailey (GLB), which pertains to financial records maintained by brokerages, banks, lending institutions, and credit unions. GLB addresses the need for CIA over the financial records of consumers, and it outlines specific obligations that must be taken by these institutions to protect the data associated with such records.
Due care policies identify the level of care used to maintain the confidentiality of private information. The objectives of due care policies are to protect and safeguard customer and clients records.
These organizations help craft due care diligence obligation for organizations, mandate the creation of Administrative Controls to protect the private personal information of consumers, and define the private property of a consumer and a company.
Due care has steps that are taken to show that a company has taken responsibility for the activities that take place within the corporation and have taken the necessary steps to help protect the company, its resources, and employees. A prudent person takes due care to ensure that everything necessary is done to operate the business by sound business principles and in a legal ethical manner. They inform people on how the business is to be run and how day to day operations are to be conducted. One of the leading ways to handle due care...