Confidentiality

The confidentiality category addresses the agreements that service organizations have in place with their clients regarding the use of, access to, and protection of their information. It ensures that information designated as confidential is protected as agreed upon. The confidentiality category is especially important if a service organization has contractual obligations with clients or handles sensitive data like Personally Identifiable Information (PII) or Protected Health Information (PHI).

The confidentiality category consists of the complete set of common criteria, as well as the following additional criteria:

• Does the service organization have procedures in place to identify and protect confidential information?
• Does the service organization have procedures in place for proper disposal of confidential information?