Policy & Standards Library

Policy & Standards Library contains policies, processes, standards, and tools that your organization uses to mitigate privacy risks and demonstrate compliance and accountability. These are known as Accountability Mechanisms. PrivacyCentral allows you to add and manage Accountability Mechanisms in either the Accountability Mechanisms tab or the Evidence Library tab of the Policy & Standards Library

All of the existing Accountability Mechanisms are migrated to the company level. They can be created at a business unit, departmental level, or company affiliate. 

To access the Policy & Standards Library page, hover over the PrivacyCentral icon (1) on the navigation panel and select the My Policy & Standards (2) tab. You can also go to the Accountability Page and click the Manage Policy & Standards Library (3) button.

Accountability Mechanisms

You can add and manage Accountability Mechanisms (AMs) in the Accountability Mechanisms tab. Here, you can create new AMs based on existing mechanism categories or create a custom AM with a custom mechanism category. 

Add New  Accountability Mechanism  

To add new Accountability Mechanisms, follow these steps:

  1. Click on the Add Accountability Mechanism button, then select Add New Accountability Mechanism

  2. Fill out the Add Accountability Mechanism form. Asterisks [*] indicate required fields. All other fields are optional.

    1. Click Classify AMs to use AI in categorizing your AM.

      Step 1: Add URLs and files, then click Search to automatically search for AMs. 


      Step 2: Choose applicable AM sub categories.

    2. Manually select a category from the Mechanism Category drop-down menu.
    3. In the Applies To section, select where the accountability mechanism applies to. Based on user roles and permissions, select Organization Unit, Company Policy, or None
      1. At launch, the default category for all accountability mechanisms is the Organization Unit.
        NOTE: Business Unit users can create Accountability Mechanisms that are exclusive to their business unit and available to their organization. Hover over each entity to understand the hierarchy.
      2. The Privacy Admin defines accountability mechanisms as company policies. They are visible throughout the organization but cannot be edited by the Business Unit User. The applicable policies are displayed in the question modals and control effectiveness calculations.
      3. Selecting the None option keeps the accountability mechanisms in the Privacy Admin repository and accessible by the Account Admin only.
    4. Click Assign Icon to select an icon that best represents the Accountability Mechanism.
      NOTE: Each Accountability Mechanism preset category has its own set of default icons. So, if you do not select an icon from the list, then the application will display the default icons for the Accountability Mechanism category you have selected.
    5. Enter a Name for the Accountability Mechanism.
    6. Provide a Date as an effective date.
    7. Enter the Policy Owned/Updated Name of the person managing the Accountability Mechanism.
    8. Provide a description for the Accountability Mechanism in the Description field.
    9. Click Add URL to provide a link to the Accountability Mechanism
      NOTE: The URL must follow the standard naming convention and must be specified in all lower case. All APIs must be accessible via HTTPS. The standard naming convention is recommended for most websites.
      Example: https://dashboard.trustarc.com/accountability
    10. Drag and drop or browse files to upload attachments up to 25 Mb (9). Accepted file types include .pdf, .csv, .xls, .xlsx, .docx, .doc, .txt, .jpg, and .png
    11. Click Save

Repeat these steps to add more Accountability Mechanisms. When you are finished adding all of the new Accountability Mechanisms, click Submit. 

This will redirect you to the Accountability page. The new Accountability Mechanisms categories that were mapped to the Framework are then visible.

Add Custom Accountability Mechanism

When there is no out-of-the-box Accountability Mechanism in the library that meets your needs, creating a Custom Accountability Mechanism is recommended. 

The process for adding a custom Accountability Mechanism using existing categories is similar to that of creating a new Accountability Mechanism. The only distinctions are the following steps:

  1. Instead of selecting a Mechanism Category, you can create a Custom Category with your own title for the Accountability Mechanism category.
    NOTE: Custom categories have not yet been mapped into the intelligence engine, and the added custom Accountability Mechanism may not be factored into progress or control effectiveness calculations.
  2. You can also choose an appropriate Framework

  3. Then, you can repeat the process of adding a new Accountability Mechanism.

Add AM automatically using AI

When the Add AM automatically using AI option is selected, this displays the Add AM Automatically using AI modal where you have to agree to TrustArc’s AI terms and attach the file or URL as the evidence to automatically search and add AM using AI.

Manage Accountability Mechanisms

Navigate through the Policy & Standards Library page and manage your Accountability Mechanisms with the following functions:

  • Check your privacy program’s updates by clicking on Accountability in the breadcrumb trail.

  • Immediately search for an Accountability Mechanism using the Search bar (1), Filter (2) according to TrustArc Defined, Custom, or All Accountability Mechanisms in the repository, or Select Categories (3).

  • View and edit Accountability Mechanisms in a Grid or List view. 

In either grid or list view, you can modify, archive, or delete an Accountability Mechanism by hovering over a card/listed item and clicking on the corresponding icon.

NOTE: Accountability Mechanisms tagged as In Use cannot be deleted.

You can also click the In Use icon to view usage details for the Accountability Mechanism.

Here are the distinct features of each view:

  • Grid View

Drag and drop Accountability Mechanism cards to organize them to your preference.

  • List View

Sort and edit Accountability Mechanisms by clicking on a column heading (p). You can sort the list by Pillar, name of Accountability Mechanisms, Type, Effective Date, Description, Owned/Updated Name of the person managing the Accountability Mechanism, and Created Date. The sort is applied to all of the list’s columns.

NOTES

  • Accountability Mechanisms can be added or created in both views.
  • Newly-added and existing Accountability Mechanisms are typically placed at the top of the page in the Grid and List views.
  • Unarchive an Accountability Mechanism by going to the Archived library using the Archived option and clicking the Unarchive Accountability Mechanism icon.

  • Download a list of all Accountability Mechanisms as a .CSV file by clicking Download.

Evidence Library

The Evidence Library lists all evidence used in the selected org unit: including files and URLs attached to the AM, the questions, and the tasks. 

When two files are attached to the same AM, the list displays a row with two files, the same case applies for URLs.

When the AM has no file nor URL, the list displays a row with “-” in file and URL. When there are multiple AMs with no file & URL, display multiple rows with “-” in file & URL.

Expand the Filter panel to filter the Evidence Library list by Law and/or Org Unit.