Facebook Data Protection Assessment · September 20, 2023

Facebook Data Protection Assessment: a system for maintaining accounts (assigning, revoking and auditing permissions and privileges)

Above is what a passed Data Protection Assessment review looks like!

Back to the topic: this post briefly describes how to answer the account-maintenance-system question.

Do you have a system for maintaining accounts (assigning, revoking and auditing permissions and privileges)?

The first time you answer, choose Yes. At this point you are not asked to upload evidence, but there is a chance that in a later request for more information you will be asked to provide a description and evidence, something like this:

In your Data Protection Assessment response you said that you have a system for maintaining accounts. But we need more information to determine whether you have implemented this protection in a way that meets our requirements. Please read the reviewer notes and the text below for instructions on what to do next. If we don’t receive a satisfactory response to this follow up, you will be in violation of this required protection.

Reviewer notes
1) Policy/procedure evidence was missing, and
2) Implementation evidence was missing

Policy/procedure evidence
Our review determined that your policy/procedure evidence was either missing or insufficient. You must respond with a written description of how you enact this protection for platform data. Your response must clearly explain how your approach relates to our requirements (https://developers.facebook.com/docs/development/maintaining-data-access/data-protection-assessment/data-security#reqs-maint-sys-user-acct):
> You must have a tool or process for managing accounts used to communicate within your organization, to ship software, and to administer and operate your system
> You must regularly review access grants and have a process for revoking access when it’s no longer required and when it’s no longer being used
> You must have a process to promptly revoke access to these tools when a person departs your organization

Implementation evidence
Our review determined that your implementation evidence was either missing or insufficient. You must respond with one or more pieces of implementation evidence that illustrates how you have enacted this protection. It may help you to refer to examples of acceptable evidence (https://developers.facebook.com/docs/development/maintaining-data-access/data-protection-assessment/data-security#ex-maint-sys-user-acct) that we have included in our documentation. Remember to redact sensitive details from your evidence (https://developers.facebook.com/docs/development/maintaining-data-access/data-protection-assessment/data-security#redact-evidence) before uploading it to us.

Roughly, this means you must upload a policy and implementation evidence showing that you have a system for maintaining accounts, and the written description must map your practice onto the three requirements quoted above (a tool or process for managing accounts, regular review and revocation of unused or unneeded access, and prompt revocation when someone leaves).

There are two main kinds of evidence:

(1) Policy/procedure evidence

A PDF of the policy, plus screenshots with the core passages (the ones that address the three requirements) circled.

(2) Implementation/execution evidence

Screenshots of your account-maintenance system, for example the access list, a completed access review, or an offboarding ticket. You can provide screenshots of several systems if you have more than one. Redact sensitive details (real names, emails, account IDs) before uploading.
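The second and third requirements (review access grants regularly, revoke access that is unused or no longer needed, revoke promptly on departure) are the ones reviewers most often want to see in action. The script below is an added example, not code from the original post or from Facebook's documentation: it runs a periodic access review over an exported grant list and an HR offboarding list and produces the review record you would keep as implementation evidence. All users, systems, roles and the 90-day unused limit are constructed sample values; substitute the export from your own IdP, cloud IAM or VCS and the limit your written policy states.

```python
"""Periodic access review: flag grants to revoke and produce a review record.

Added example (not from the original post). Input data is constructed.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Assumed policy value: access not used for this long is revoked at review.
UNUSED_LIMIT = timedelta(days=90)


@dataclass(frozen=True)
class Grant:
    """One access grant exported from a system (IdP, cloud IAM, VCS, CI...)."""
    user: str
    system: str
    role: str
    last_used: Optional[datetime]  # None means the grant has never been used


def review_grants(
    grants: Iterable[Grant],
    departed: Set[str],
    now: datetime,
    unused_limit: timedelta = UNUSED_LIMIT,
) -> List[Tuple[Grant, str]]:
    """Return (grant, reason) pairs that must be revoked.

    Departure is checked first: a departed person's access is removed even
    if the grant was used yesterday (prompt revocation on departure).
    Reasons: "departed", "never-used", "unused".
    """
    revoke: List[Tuple[Grant, str]] = []
    for g in grants:
        if g.user in departed:
            revoke.append((g, "departed"))
        elif g.last_used is None:
            revoke.append((g, "never-used"))
        elif now - g.last_used > unused_limit:
            revoke.append((g, "unused"))
    return revoke


def review_record(
    grants: List[Grant],
    departed: Set[str],
    now: datetime,
    unused_limit: timedelta = UNUSED_LIMIT,
) -> Dict:
    """Build the record kept after each review (this is what you screenshot)."""
    revoked = review_grants(grants, departed, now, unused_limit)
    revoked_keys = {(g.user, g.system, g.role) for g, _ in revoked}
    retained = sorted(
        f"{g.user}@{g.system}:{g.role}"
        for g in grants
        if (g.user, g.system, g.role) not in revoked_keys
    )
    return {
        "review_date": now.date().isoformat(),
        "unused_limit_days": unused_limit.days,
        "reviewed": len(grants),
        "retained": retained,
        "revoked": [
            {"user": g.user, "system": g.system, "role": g.role, "reason": r}
            for g, r in revoked
        ],
    }


# Constructed sample input (not real accounts).
REVIEW_DATE = datetime(2023, 9, 20, tzinfo=timezone.utc)
SAMPLE_DEPARTED = {"carol"}  # from the HR offboarding list
SAMPLE_GRANTS = [
    Grant("alice", "github-org", "admin", REVIEW_DATE - timedelta(days=2)),
    Grant("bob", "aws-prod", "ReadOnly", REVIEW_DATE - timedelta(days=120)),
    Grant("carol", "github-org", "member", REVIEW_DATE - timedelta(days=1)),
    Grant("dave", "ci-deploy", "deployer", None),
]

if __name__ == "__main__":
    print(json.dumps(review_record(SAMPLE_GRANTS, SAMPLE_DEPARTED, REVIEW_DATE), indent=2))
```

Run on a schedule (for example monthly) and keep the JSON output alongside the tickets that carried out the revocations; the dated record plus the ticket trail is the kind of implementation evidence the reviewer is asking for.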

The "account maintenance system" question is also one of the easier ones to pass on the first try; at least across my own dozen or so apps and my clients' apps, this question has been accepted on the first answer more than 90% of the time.

Contact email: keysolutions@foxmail.com