If you’re used to working with a specific GDPR framework control, you can use this guide to identify its corresponding Unified Control.
For more information, and to view other framework control maps, visit the Unified Controls FAQ.
GDPR Control | Unified Control |
CA-01-GDPR Assessment, Authorization, and Monitoring Policy and Procedures | CTRL-814 System Integrity Policy and Procedures |
CA-02-GDPR Control Assessments | CTRL-149 Control Assessments |
CA-03-GDPR Third-Party Agreements | CTRL-1164 Agreements for Data Processing |
CP-01-GDPR Contingency Planning Policy and Procedures | CTRL-264 Contingency Plan |
CP-02-GDPR Contingency Plan (BCP/DR) | CTRL-264 Contingency Plan |
IR-01-GDPR Incident Response Policy and Procedures | CTRL-423 Incident Response Plan |
IR-04-GDPR Incident Handling and Reporting | CTRL-423 Incident Response Plan |
PM-01-GDPR Information Security Program Management Policy and Procedures | CTRL-431 Information Security Policy and Procedures |
PM-19-GDPR Privacy Program Leadership | CTRL-1139 Designated Privacy Representative |
PM-21-GDPR Records of PII Disclosure | CTRL-1148 Authorized and Unauthorized Disclosures of Personal Data |
PM-22-GDPR PII Quality and Communication Management | CTRL-1160 Personal Information Completeness and Accuracy |
PT-01-GDPR Privacy Policy and Procedures | CTRL-622 Privacy Policy and Procedures |
PT-02-GDPR Authority to Process PII | CTRL-1146 Privacy Notice |
PT-02(02)-GDPR Automated Decisions for PII | CTRL-1172 Automated Decision-Making |
PT-03-GDPR PII Processing Purposes | CTRL-622 Privacy Policy and Procedures |
PT-04-GDPR Consent to Process PII | CTRL-1146 Privacy Notice |
PT-05-GDPR Privacy Notice for PII | CTRL-1146 Privacy Notice |
PT-07-GDPR Specific Categories of PII | CTRL-1142 Obtaining, Recording, and Revoking Consent |
RA-01-GDPR Risk Assessment Policy and Procedures | CTRL-643 Risk Assessment Policy and Procedures |
RA-08-GDPR Privacy Impact Assessments | CTRL-1149 Data Protection Impact Assessment |
SA-01-GDPR System Development Life Cycle (SDLC) Policy and Procedures | CTRL-112 Encryption of Data at Rest and in Transit |
SA-08-GDPR Security and Privacy Engineering Principles | CTRL-112 Encryption of Data at Rest and in Transit |
SC-01-GDPR System Protection Policy and Procedures | CTRL-932 System Protection Policy and Procedures |
SC-08-GDPR Transmission Confidentiality and Integrity | CTRL-112 Encryption of Data at Rest and in Transit |
SI-01-GDPR System Integrity Policy and Procedures | CTRL-814 System Integrity Policy and Procedures |
SI-03-GDPR Malware and Endpoint Protection | CTRL-822 Malicious Code Protection |
SI-12-GDPR Data Handling, Retention, and Disposal | CTRL-896 Information Management and Retention |
Viewing Framework Controls in Thoropass
You can view the framework requirements satisfied by a Unified Control by clicking References on the side panel when viewing the Unified Control.
The IDs and names of all framework controls satisfied by the Unified Control are listed by framework. Click a framework control to view its description.