Discotheque Inc Compliance Program

Policy, Procedure, and Audit Status

This site consolidates all documents related to the Discotheque Inc Compliance Program


Control Tracking

Satisfied Controls

61

Total Controls

61

Procedure Tracking

Active Tickets

0

Oldest Ticket

0 days

Audit Tracking

Open Requests

0

Total Requests

0

Narratives provide an overview of the organization and the compliance environment.

Name Acronym PDF
Control Environment Narrative CEN JustDisco-CEN.pdf
Organizational Narrative ON JustDisco-ON.pdf
Products and Services Narrative PSN JustDisco-PSN.pdf
Security Architecture Narrative SEN JustDisco-SEN.pdf
System Architecture Narrative SAN JustDisco-SAN.pdf

Policies govern the behavior of Discotheque Inc employees and contractors.

Name Acronym PDF
Access Onboarding and Termination Policy AOTP JustDisco-AOTP.pdf
Application Security Policy ASP JustDisco-ASP.pdf
Availability Policy AP JustDisco-AP.pdf
System Change Policy SCP JustDisco-SCP.pdf
Data Classification Policy DCP JustDisco-DCP.pdf
Code of Conduct Policy COCP JustDisco-COCP.pdf
Confidentiality Policy CP JustDisco-CP.pdf
Business Continuity Policy BCP JustDisco-BCP.pdf
Cyber Risk Assessment Policy CRP JustDisco-CRP.pdf
Datacenter Policy DP JustDisco-DP.pdf
Software Development Lifecycle Policy SDLCP JustDisco-SDLCP.pdf
Disaster Recovery Policy DRP JustDisco-DRP.pdf
Encryption Policy EP JustDisco-EP.pdf
Security Incident Response Policy SIRP JustDisco-SIRP.pdf
Information Security Policy ISP JustDisco-ISP.pdf
Log Management Policy LMP JustDisco-LMP.pdf
Removable Media and Cloud Storage Policy MCP JustDisco-MCP.pdf
Office Security Policy OSP JustDisco-OSP.pdf
Password Policy PWP JustDisco-PWP.pdf
Policy Training Policy PTP JustDisco-PTP.pdf
Privacy Management Policy PMP JustDisco-PMP.pdf
Processing Integrity Policy PIP JustDisco-PIP.pdf
Remote Access Policy REAP JustDisco-REAP.pdf
Data Retention Policy RP JustDisco-RP.pdf
Risk Assessment Policy RIAP JustDisco-RIAP.pdf
Vendor Management Policy VMP JustDisco-VMP.pdf
Workstation Policy WP JustDisco-WP.pdf

Procedures prescribe specific steps that are taken in response to key events.

Name ID Schedule (cron format)
Offboard User offboard On demand
Onboard New User onboard On demand
Apply OS patches patch 0 0 0 15 * *
Collect Workstation Details workstation 0 0 0 15 4 *

Standards specify the controls satisfied by the compliance program.

Control Key Name Satisfied? Satisfied By
A1.1 Capacity Planning
The entity maintains, monitors, and evaluates current processing capacity and use of system components (infrastructure, data, and software) to manage capacity demand and to enable the implementation of additional capacity to help meet its objectives
Yes JustDisco-AP.pdf
A1.2 Backup and Recovery
The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives
Yes JustDisco-DRP.pdf
A1.3 Recovery Testing
The entity tests recovery plan procedures supporting system recovery to meet its objectives
Yes JustDisco-DRP.pdf
C1.1 Confidential Information Identification
The entity identifies and maintains confidential information to meet the entity’s objectives related to confidentiality
Yes JustDisco-CP.pdf
C1.2 Confidential Information Disposal
The entity disposes of confidential information to meet the entity’s objectives related to confidentiality.
Yes JustDisco-CP.pdf
CC1.1 Integrity and Ethics
The entity demonstrates a commitment to integrity and ethical values
Yes JustDisco-COCP.pdf
CC1.2 Board Independence
The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control
Yes JustDisco-ON.pdf JustDisco-RP.pdf
CC1.3 Organizational Structure
Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives
Yes JustDisco-ON.pdf
CC1.4 Hiring, Training and Retention
The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives
Yes JustDisco-ON.pdf
CC1.5 Individual Accountability
The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Yes JustDisco-ON.pdf
CC2.1 Use of Information Systems
The entity obtains or generates and uses relevant, quality information to support the functioning of internal control
Yes JustDisco-CEN.pdf
CC2.2 Use of Communication Systems, Internal
The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control
Yes JustDisco-CEN.pdf
CC2.3 Use of Communication Systems, External
The entity communicates with external parties regarding matters affecting the functioning of internal control
Yes JustDisco-CEN.pdf
CC3.1 Objectives
The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives
Yes JustDisco-ON.pdf
CC3.2 Risk to Objectives
The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed
Yes JustDisco-ON.pdf
CC3.3 Fraud Risk to Objectives
The entity considers the potential for fraud in assessing risks to the achievement of objectives
Yes JustDisco-ON.pdf
CC3.4 Impact of Changes
The entity identifies and assesses changes that could significantly impact the system of internal control
Yes JustDisco-SCP.pdf
CC4.1 Monitoring
The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning
Yes JustDisco-CEN.pdf
CC4.2 Remediation
The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate
Yes JustDisco-CEN.pdf
CC5.1 Objective Risk Mitigation
The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels
Yes JustDisco-CEN.pdf
CC5.2 Technology Controls
The entity also selects and develops general control activities over technology to support the achievement of objectives
Yes JustDisco-CEN.pdf
CC5.3 Established Policies
The entity deploys control activities through policies that establish what is expected and in procedures that put policies into action
Yes JustDisco-CEN.pdf
CC6.1 Logical Access
The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives
Yes JustDisco-AOTP.pdf JustDisco-REAP.pdf
CC6.2 User Access
Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity. For those users whose access is administered by the entity, user system credentials are removed when user access is no longer authorized
Yes JustDisco-AOTP.pdf JustDisco-ASP.pdf JustDisco-REAP.pdf
CC6.3 Role-Based Access
The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity’s objectives
Yes JustDisco-AOTP.pdf
CC6.4 Physical Access
The entity restricts physical access to facilities and protected information assets (for example, data center facilities, back-up media storage, and other sensitive locations) to authorized personnel to meet the entity’s objectives
Yes JustDisco-DP.pdf JustDisco-OSP.pdf
CC6.5 Data Disposal
The entity discontinues logical and physical protections over physical assets only after the ability to read or recover data and software from those assets has been diminished and is no longer required to meet the entity’s objectives
Yes JustDisco-RP.pdf
CC6.6 External Threats
The entity implements logical access security measures to protect against threats from sources outside its system boundaries
Yes JustDisco-SEN.pdf
CC6.7 Data Custody and Transmission
The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives
Yes JustDisco-SEN.pdf JustDisco-MCP.pdf JustDisco-REAP.pdf
CC6.8 Malware Detection
The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives
Yes JustDisco-WP.pdf
CC7.1 Vulnerability Detection
To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities
Yes JustDisco-SEN.pdf
CC7.2 Anomaly Detection
The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity’s ability to meet its objectives; anomalies are analyzed to determine whether they represent security events
Yes JustDisco-SEN.pdf JustDisco-LMP.pdf
CC7.3 Security Incident Evaluation
The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures
Yes JustDisco-SIRP.pdf
CC7.4 Security Incident Response Plan
The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate
Yes JustDisco-SIRP.pdf
CC7.5 Security Incident Response Execution
The entity identifies, develops, and implements activities to recover from identified security incidents
Yes JustDisco-SIRP.pdf
CC8.1 Change Control
The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives
Yes JustDisco-SCP.pdf JustDisco-SDLCP.pdf
CC9.1 Disruption Risk Mitigation
The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions
Yes JustDisco-AP.pdf JustDisco-BCP.pdf JustDisco-CRP.pdf JustDisco-RIAP.pdf
CC9.2 Vendor Risk Management
The entity assesses and manages risks associated with vendors and business partners
Yes JustDisco-VMP.pdf
P1.1 Privacy Notification
The entity provides notice to data subjects about its privacy practices to meet the entity’s objectives related to privacy. The notice is updated and communicated to data subjects in a timely manner for changes to the entity’s privacy practices, including changes in the use of personal information, to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P2.1 Privacy Consent and Choice
The entity communicates choices available regarding the collection, use, retention, disclosure, and disposal of personal information to the data subjects and the consequences, if any, of each choice. Explicit consent for the collection, use, retention, disclosure, and disposal of personal information is obtained from data subjects or other authorized persons, if required. Such consent is obtained only for the intended purpose of the information to meet the entity’s objectives related to privacy. The entity’s basis for determining implicit consent for the collection, use, retention, disclosure, and disposal of personal information is documented
Yes JustDisco-PMP.pdf
P3.1 Personal Information Collection
Personal information is collected consistent with the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P3.2 Explicit Consent
For information requiring explicit consent, the entity communicates the need for such consent, as well as the consequences of a failure to provide consent for the request for personal information, and obtains the consent prior to the collection of the information to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P4.1 Proper Use of Personal Information
The entity limits the use of personal information to the purposes identified in the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P4.2 Personal Information Retention
The entity retains personal information consistent with the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf JustDisco-RP.pdf
P4.3 Personal Information Disposal
The entity securely disposes of personal information to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P5.1 Data Subject Access
The entity grants identified and authenticated data subjects the ability to access their stored personal information for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity’s objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P5.2 Data Subject Amendment
The entity corrects, amends, or appends personal information based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity’s objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P6.1 Consent for Third Party Disclosure
The entity discloses personal information to third parties with the explicit consent of data subjects, and such consent is obtained prior to disclosure to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P6.2 Authorized Disclosures
The entity creates and retains a complete, accurate, and timely record of authorized disclosures of personal information to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P6.3 Unauthorized Disclosures
The entity creates and retains a complete, accurate, and timely record of detected or reported unauthorized disclosures (including breaches) of personal information to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P6.4 Appropriate Third Party Disclosure
The entity obtains privacy commitments from vendors and other third parties who have access to personal information to meet the entity’s objectives related to privacy. The entity assesses those parties’ compliance on a periodic and as-needed basis and takes corrective action, if necessary
Yes JustDisco-PMP.pdf
P6.5 Unauthorized Third Party Disclosure
The entity obtains commitments from vendors and other third parties with access to personal information to notify the entity in the event of actual or suspected unauthorized disclosures of personal information. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P6.6 Notification of Unauthorized Third Party Disclosure
The entity provides notification of breaches and incidents to affected data subjects, regulators, and others to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P6.7 Accounting of Personal Information
The entity provides data subjects with an accounting of the personal information held and disclosure of the data subjects’ personal information, upon the data subjects’ request, to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P7.1 Accuracy of Personal Information
The entity collects and maintains accurate, up-to-date, complete, and relevant personal information to meet the entity’s objectives related to privacy
Yes JustDisco-PMP.pdf
P8.1 Personal Information Dispute Resolution
The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries, complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity’s objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner
Yes JustDisco-PMP.pdf
PI1.1 Processing Integrity Monitoring
The entity obtains or generates, uses, and communicates relevant, quality information regarding the objectives related to processing, including de nitions of data processed and product and service speci cations, to support the use of products and services
Yes JustDisco-PIP.pdf
PI1.2 Processing Integrity Accuracy
The entity implements policies and procedures over system inputs, including controls over completeness and accuracy, to result in products, services, and reporting to meet the entity’s objectives
Yes JustDisco-PIP.pdf
PI1.3 Processing Integrity Operations
The entity implements policies and procedures over system processing to result in products, services, and reporting to meet the entity’s objectives
Yes JustDisco-PIP.pdf
PI1.4 Processing Integrity Outputs
The entity implements policies and procedures to make available or deliver output completely, accurately, and timely in accordance with speci cations to meet the entity’s objectives
Yes JustDisco-PIP.pdf
PI1.5 Processing Integrity Backups
The entity implements policies and procedures to store inputs, items in processing, and outputs completely, accurately, and timely in accordance with system speci cations to meet the entity’s objectives
Yes JustDisco-PIP.pdf