Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >AESCSF
  3. >PRIVACY
  4. >Manage Personal Information And Privacy
  5. >AESCSF-PRIVACY-1A
AESCSF-PRIVACY-1AActive

Privacy requirements applicable to the organisation have been identified, even in an ad-hoc manner.

Statement

Privacy requirements applicable to the organisation have been identified, even in an ad-hoc manner.

Context and Guidance: Privacy requirements may be imposed by applicable legislation, for example:

  • Federal legislation (Privacy Act, Consumer Data Right);
  • State-based legislation (e.g. Health Records and Information Privacy Act 2002 NSW, Health Records Act 2001 VIC, Health Records Privacy and Access Act 1997 ACT).

Privacy requirements may also be imposed by contracts/agreements with customers or suppliers.

Location

Domain
PRIVACY
Objective
Manage Personal Information and Privacy

Practice Details

Identifier
AESCSF-PRIVACY-1A
Type
Practice
Domain
PRIVACY
Objective
Manage Personal Information and Privacy

Maturity Level

MIL-1MIL-2MIL-3

Security Profile

SP-1SP-2SP-3
ISO 27001
ISO27001-5.31relatedvia aescsf-reference
ISO27001-5.34relatedvia aescsf-reference
View in graphReport an issue
← Back to Manage Personal Information and Privacy
Manage Personal Information and Privacy16 controls
AESCSF-PRIVACY-1APrivacy requirements applicable to the organisation have been identified, even in an ad-hoc manner.AESCSF-PRIVACY-1BThe organisation has defined what it considers personal information in the context of its business activities, even i...AESCSF-PRIVACY-1CThere is a point of contact (person or role) to whom privacy issues could be reported, even in an ad-hoc manner.AESCSF-PRIVACY-1DBusiness activities which involve the collection, processing, storage or transmission of personal information have be...AESCSF-PRIVACY-1EThe organisation's personal information holdings are documentedAESCSF-PRIVACY-1FA privacy policy has been documented and communicated within the organisation and the general publicAESCSF-PRIVACY-1GThe organisation's requirements for handling of personal information have been defined within the privacy policyAESCSF-PRIVACY-1HSpecific roles and accountabilities have been assigned for privacy management within the organisationAESCSF-PRIVACY-1IA privacy management plan has been implemented to govern the organisation's ongoing compliance with applicable privac...AESCSF-PRIVACY-1JPrivacy related risks have been identified, assessed and documented in a risk registerAESCSF-PRIVACY-1KA documented process exists for responding to privacy enquiries and complaints, including customer correction of thei...AESCSF-PRIVACY-1LThe organisation provides privacy training to staff responsible for handling personal informationAESCSF-PRIVACY-1MExisting incident response plan specifically consider data breach scenarios involving personal informationAESCSF-PRIVACY-1NIncident response plans for data breach scenarios are tested periodically and updated based on improvement opportunit...AESCSF-PRIVACY-1OThe organisation's compliance with applicable privacy requirements is periodically assessed and reported to senior ma...AESCSF-PRIVACY-1PThe privacy management plan is periodically updated to reflect the changing threat and regulatory environment