NIST Privacy Framework

The NIST Privacy Framework (PF) is a voluntary tool that can help you to identify and manage privacy risk and to bring privacy risk into parity with your broader enterprise risk portfolio. The framework is composed of three components: Core, Organisational Profiles, and Tiers. The "Framework Core" provides an increasingly granular set of activities and outcomes that enable organisational dialogue about managing privacy risk; "Organisational Profiles" are a selection of specific functions, categories, and subcategories from the Core that your organisation has prioritizsd to help manage privacy risk; and "Tiers" support communication about whether your organisation has sufficient processes and resources in place to manage privacy risk.

This framework follows the structure of the Framework for Improving Critical Infrastructure Cybersecurity to facilitate the use of both frameworks together.