Manage the Privacy Management library
The Privacy Management library consists of authority documents, citations, control objectives, policies, and [PI] Information objects that help to manage the privacy content.
Authority documents
- Statutes (Bills or Acts)
- Regulations
- Audit Guidelines
Citations
Citations are records with the specific requirements cited by an authority document. A citation relates authority documents to their applicable controls. Each citation has control objectives. You can add citations to the Library from the List view of the Privacy Workspace.
Policies
Policies include control objectives. Policies can also be associated with authority documents. Policies are published and regularly updated with incremented versions. You can add policies to the Library from the List view of the Privacy Workspace.
Risk statements
Using risk statements, you can create a central risk register to manage potential privacy risks that may occur anytime and anywhere in an organization. You can add risk statements to the Library from the List view of the Privacy Workspace.
Privacy assessments
Privacy assessments are used to collect information from business owners. This information helps the privacy teams to understand how personal information (PI) is being used or stored in a processing activity.
Risk assessments
The risk assessments capability enables you to determine the organizational privacy risk posture using criticality and privacy risk assessments.
PI Information objects
[PI] Information objects refer to information objects that are of type Personal information. To understand the benefit of using information objects in the Privacy Management solution, refer to Information objects in Privacy Management. Maintaining a library of [PI] Information objects and associating them with the processing activities helps the privacy teams to understand what personal information (PI) is being processed by the processing activity.
Only the information objects that are tagged with the Personal information tag are available to be added to a processing activity. For more information on how to tag information objects, see Classify information objects as personal information.