• Security – Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the information or systems and affect a company’s ability to meet its objectives (think commitments).

  • Availability – Information and systems are available for the operation to meet the company’s objectives.

  • Confidentiality – Information designated as confidential is protected to meet the company’s objectives.

  • Processing Integrity – System processing is complete, valid, accurate, timely, and authorized to meet the company’s objectives.

  • Privacy – Personal information is collected, used, retained, disclosed, and disposed to meet the entity’s objectives.

Did this answer your question?