Commit

Fixes SCF parentheses
alsmola committed Apr 6, 2024
1 parent da1413c commit be04b2d
Showing 150 changed files with 315 additions and 315 deletions.
2 changes: 1 addition & 1 deletion gdpr/art11.md
Expand Up @@ -6,7 +6,7 @@
If the purposes for which a controller processes personal data do not or do no longer require the identification of a data subject by the controller, the controller shall not be obliged to maintain, acquire or process additional information in order to identify the data subject for the sole purpose of complying with this Regulation.

### Mapped SCF controls
- [IAC-09.6 - Pairwise Pseudonymous Identifiers (PPID)](../scf/iac-096-pairwisepseudonymousidentifiers(ppid).md)
- [IAC-09.6 - Pairwise Pseudonymous Identifiers (PPID)](../scf/iac-096-pairwisepseudonymousidentifiersppid.md)
- [PRI-05.1 - Internal Use of Personal Data For Testing, Training and Research](../scf/pri-051-internaluseofpersonaldatafortesting,trainingandresearch.md)
- [PRI-05.4 - Usage Restrictions of Sensitive Personal Data](../scf/pri-054-usagerestrictionsofsensitivepersonaldata.md)

2 changes: 1 addition & 1 deletion gdpr/art12.md
Expand Up @@ -21,7 +21,7 @@ The controller shall facilitate the exercise of data subject rights under Articl
The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

### Mapped SCF controls
- [DCH-22.1 - Updating & Correcting Personal Data (PD)](../scf/dch-221-updating&correctingpersonaldata(pd).md)
- [DCH-22.1 - Updating & Correcting Personal Data (PD)](../scf/dch-221-updating&correctingpersonaldatapd.md)
- [PRI-03.1 - Tailored Consent](../scf/pri-031-tailoredconsent.md)
- [PRI-03.2 - Just-In-Time Notice & Updated Consent](../scf/pri-032-just-in-timenotice&updatedconsent.md)
- [PRI-06.1 - Correcting Inaccurate Personal Data](../scf/pri-061-correctinginaccuratepersonaldata.md)
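Review bot: The replacement target for DCH-22.1 in this hunk, `../scf/dch-221-updating&correctingpersonaldatapd.md`, only resolves if the file under `scf/` was renamed to match in this same commit, and the visible hunks change link text only. Please confirm the renamed file is among the 150 changed files, since a mismatch would turn every one of these links into a dead link.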
2 changes: 1 addition & 1 deletion gdpr/art14.md
Expand Up @@ -26,7 +26,7 @@ In addition to the information referred to in paragraph 1, the controller shall
(g) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

### Mapped SCF controls
- [DCH-22.1 - Updating & Correcting Personal Data (PD)](../scf/dch-221-updating&correctingpersonaldata(pd).md)
- [DCH-22.1 - Updating & Correcting Personal Data (PD)](../scf/dch-221-updating&correctingpersonaldatapd.md)
- [PRI-02 - Data Privacy Notice](../scf/pri-02-dataprivacynotice.md)
- [PRI-02.1 - Purpose Specification](../scf/pri-021-purposespecification.md)
- [PRI-02.2 - Automated Data Management Processes](../scf/pri-022-automateddatamanagementprocesses.md)
2 changes: 1 addition & 1 deletion gdpr/art18.md
Expand Up @@ -10,7 +10,7 @@ The data subject shall have the right to obtain from the controller restriction
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

### Mapped SCF controls
- [DCH-22.1 - Updating & Correcting Personal Data (PD)](../scf/dch-221-updating&correctingpersonaldata(pd).md)
- [DCH-22.1 - Updating & Correcting Personal Data (PD)](../scf/dch-221-updating&correctingpersonaldatapd.md)
- [PRI-05 - Personal Data Retention & Disposal](../scf/pri-05-personaldataretention&disposal.md)
- [PRI-05.1 - Internal Use of Personal Data For Testing, Training and Research](../scf/pri-051-internaluseofpersonaldatafortesting,trainingandresearch.md)
- [PRI-05.4 - Usage Restrictions of Sensitive Personal Data](../scf/pri-054-usagerestrictionsofsensitivepersonaldata.md)
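Review bot: The context links under the DCH-22.1 change still carry other punctuation in their targets: `pri-05-personaldataretention&disposal.md` has a raw `&` and `pri-051-internaluseofpersonaldatafortesting,trainingandresearch.md` has a comma. If the parentheses were removed because they are unreliable inside a Markdown link destination, consider restricting the slug to `[a-z0-9-]` in the same pass, so these files do not need a second round of renames later.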
2 changes: 1 addition & 1 deletion gdpr/art26.md
Expand Up @@ -28,7 +28,7 @@ The arrangement referred to in paragraph 1 shall duly reflect the respective rol
Irrespective of the terms of the arrangement referred to in paragraph 1, the data subject may exercise his or her rights under this Regulation in respect of and against each of the controllers.

### Mapped SCF controls
- [DCH-22.1 - Updating & Correcting Personal Data (PD)](../scf/dch-221-updating&correctingpersonaldata(pd).md)
- [DCH-22.1 - Updating & Correcting Personal Data (PD)](../scf/dch-221-updating&correctingpersonaldatapd.md)
- [PRI-06 - Data Subject Access](../scf/pri-06-datasubjectaccess.md)
- [PRI-06.1 - Correcting Inaccurate Personal Data](../scf/pri-061-correctinginaccuratepersonaldata.md)
- [PRI-06.2 - Notice of Correction or Processing Change](../scf/pri-062-noticeofcorrectionorprocessingchange.md)
10 changes: 5 additions & 5 deletions gdpr/art30.md
Expand Up @@ -13,7 +13,7 @@ Each controller and, where applicable, the controller's representative, shall ma
(g) where possible, a general description of the technical and organisational security measures referred to in Article 32(1).

### Mapped SCF controls
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagrams(dfds).md)
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagramsdfds.md)
- [PRI-09 - Personal Data Lineage](../scf/pri-09-personaldatalineage.md)
- [PRI-13 - Data Management Board](../scf/pri-13-datamanagementboard.md)
- [PRI-14.1 - Accounting of Disclosures](../scf/pri-141-accountingofdisclosures.md)
Expand All @@ -26,7 +26,7 @@ Each processor and, where applicable, the processor's representative shall maint
(d) where possible, a general description of the technical and organisational security measures referred to in Article 32(1).

### Mapped SCF controls
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagrams(dfds).md)
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagramsdfds.md)
- [PRI-09 - Personal Data Lineage](../scf/pri-09-personaldatalineage.md)
- [PRI-13 - Data Management Board](../scf/pri-13-datamanagementboard.md)
- [PRI-14.1 - Accounting of Disclosures](../scf/pri-141-accountingofdisclosures.md)
Expand All @@ -35,7 +35,7 @@ Each processor and, where applicable, the processor's representative shall maint
The records referred to in paragraphs 1 and 2 shall be in writing, including in electronic form.

### Mapped SCF controls
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagrams(dfds).md)
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagramsdfds.md)
- [PRI-09 - Personal Data Lineage](../scf/pri-09-personaldatalineage.md)
- [PRI-13 - Data Management Board](../scf/pri-13-datamanagementboard.md)
- [PRI-14.1 - Accounting of Disclosures](../scf/pri-141-accountingofdisclosures.md)
Expand All @@ -44,7 +44,7 @@ The records referred to in paragraphs 1 and 2 shall be in writing, including in
The controller or the processor and, where applicable, the controller's or the processor's representative, shall make the record available to the supervisory authority on request.

### Mapped SCF controls
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagrams(dfds).md)
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagramsdfds.md)
- [PRI-09 - Personal Data Lineage](../scf/pri-09-personaldatalineage.md)
- [PRI-13 - Data Management Board](../scf/pri-13-datamanagementboard.md)
- [PRI-14.1 - Accounting of Disclosures](../scf/pri-141-accountingofdisclosures.md)
Expand All @@ -54,7 +54,7 @@ The controller or the processor and, where applicable, the controller's or the p
The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.

### Mapped SCF controls
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagrams(dfds).md)
- [AST-04 - Network Diagrams & Data Flow Diagrams (DFDs)](../scf/ast-04-networkdiagrams&dataflowdiagramsdfds.md)
- [PRI-09 - Personal Data Lineage](../scf/pri-09-personaldatalineage.md)
- [PRI-13 - Data Management Board](../scf/pri-13-datamanagementboard.md)
- [PRI-14.1 - Accounting of Disclosures](../scf/pri-141-accountingofdisclosures.md)
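Review bot: The AST-04 target is edited identically under all five hunks of this file, and each one carries the same link list, which suggests these pages are generated output. If so, the slug change belongs in the generator and should be committed with it; otherwise the next regeneration will write `ast-04-networkdiagrams&dataflowdiagrams(dfds).md` back into every one of these lists.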
26 changes: 13 additions & 13 deletions gdpr/art32.md
Expand Up @@ -11,7 +11,7 @@ Taking into account the state of the art, the costs of implementation and the na

### Mapped SCF controls
- [AST-01 - Asset Governance](../scf/ast-01-assetgovernance.md)
- [BCD-01 - Business Continuity Management System (BCMS)](../scf/bcd-01-businesscontinuitymanagementsystem(bcms).md)
- [BCD-01 - Business Continuity Management System (BCMS)](../scf/bcd-01-businesscontinuitymanagementsystembcms.md)
- [CAP-01 - Capacity & Performance Management](../scf/cap-01-capacity&performancemanagement.md)
- [CFG-01 - Configuration Management Program](../scf/cfg-01-configurationmanagementprogram.md)
- [CHG-01 - Change Management Program](../scf/chg-01-changemanagementprogram.md)
Expand All @@ -26,12 +26,12 @@ Taking into account the state of the art, the costs of implementation and the na
- [GOV-03 - Periodic Review & Update of Cybersecurity & Data Protection Program](../scf/gov-03-periodicreview&updateofcybersecurity&dataprotectionprogram.md)
- [HRS-01 - Human Resources Security Management](../scf/hrs-01-humanresourcessecuritymanagement.md)
- [HRS-04 - Personnel Screening](../scf/hrs-04-personnelscreening.md)
- [IAC-01 - Identity & Access Management (IAM)](../scf/iac-01-identity&accessmanagement(iam).md)
- [IAO-01 - Information Assurance (IA) Operations](../scf/iao-01-informationassurance(ia)operations.md)
- [IAC-01 - Identity & Access Management (IAM)](../scf/iac-01-identity&accessmanagementiam.md)
- [IAO-01 - Information Assurance (IA) Operations](../scf/iao-01-informationassuranceiaoperations.md)
- [IRO-01 - Incident Response Operations](../scf/iro-01-incidentresponseoperations.md)
- [MNT-01 - Maintenance Operations](../scf/mnt-01-maintenanceoperations.md)
- [MON-01 - Continuous Monitoring](../scf/mon-01-continuousmonitoring.md)
- [NET-01 - Network Security Controls (NSC)](../scf/net-01-networksecuritycontrols(nsc).md)
- [NET-01 - Network Security Controls (NSC)](../scf/net-01-networksecuritycontrolsnsc.md)
- [OPS-01 - Operations Security](../scf/ops-01-operationssecurity.md)
- [PES-01 - Physical & Environmental Protections](../scf/pes-01-physical&environmentalprotections.md)
- [PRI-01 - Data Privacy Program](../scf/pri-01-dataprivacyprogram.md)
Expand All @@ -44,16 +44,16 @@ Taking into account the state of the art, the costs of implementation and the na
- [TDA-01 - Technology Development & Acquisition](../scf/tda-01-technologydevelopment&acquisition.md)
- [THR-01 - Threat Intelligence Program](../scf/thr-01-threatintelligenceprogram.md)
- [TPM-01 - Third-Party Management](../scf/tpm-01-third-partymanagement.md)
- [VPM-01 - Vulnerability & Patch Management Program (VPMP)](../scf/vpm-01-vulnerability&patchmanagementprogram(vpmp).md)
- [VPM-01 - Vulnerability & Patch Management Program (VPMP)](../scf/vpm-01-vulnerability&patchmanagementprogramvpmp.md)
- [WEB-01 - Web Security](../scf/web-01-websecurity.md)
- [WEB-02 - Use of Demilitarized Zones (DMZ)](../scf/web-02-useofdemilitarizedzones(dmz).md)
- [WEB-02 - Use of Demilitarized Zones (DMZ)](../scf/web-02-useofdemilitarizedzonesdmz.md)

## Article 32.2
In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

### Mapped SCF controls
- [AST-01 - Asset Governance](../scf/ast-01-assetgovernance.md)
- [BCD-01 - Business Continuity Management System (BCMS)](../scf/bcd-01-businesscontinuitymanagementsystem(bcms).md)
- [BCD-01 - Business Continuity Management System (BCMS)](../scf/bcd-01-businesscontinuitymanagementsystembcms.md)
- [CAP-01 - Capacity & Performance Management](../scf/cap-01-capacity&performancemanagement.md)
- [CFG-01 - Configuration Management Program](../scf/cfg-01-configurationmanagementprogram.md)
- [CHG-01 - Change Management Program](../scf/chg-01-changemanagementprogram.md)
Expand All @@ -68,12 +68,12 @@ In assessing the appropriate level of security account shall be taken in particu
- [GOV-03 - Periodic Review & Update of Cybersecurity & Data Protection Program](../scf/gov-03-periodicreview&updateofcybersecurity&dataprotectionprogram.md)
- [HRS-01 - Human Resources Security Management](../scf/hrs-01-humanresourcessecuritymanagement.md)
- [HRS-04 - Personnel Screening](../scf/hrs-04-personnelscreening.md)
- [IAC-01 - Identity & Access Management (IAM)](../scf/iac-01-identity&accessmanagement(iam).md)
- [IAO-01 - Information Assurance (IA) Operations](../scf/iao-01-informationassurance(ia)operations.md)
- [IAC-01 - Identity & Access Management (IAM)](../scf/iac-01-identity&accessmanagementiam.md)
- [IAO-01 - Information Assurance (IA) Operations](../scf/iao-01-informationassuranceiaoperations.md)
- [IRO-01 - Incident Response Operations](../scf/iro-01-incidentresponseoperations.md)
- [MNT-01 - Maintenance Operations](../scf/mnt-01-maintenanceoperations.md)
- [MON-01 - Continuous Monitoring](../scf/mon-01-continuousmonitoring.md)
- [NET-01 - Network Security Controls (NSC)](../scf/net-01-networksecuritycontrols(nsc).md)
- [NET-01 - Network Security Controls (NSC)](../scf/net-01-networksecuritycontrolsnsc.md)
- [OPS-01 - Operations Security](../scf/ops-01-operationssecurity.md)
- [PES-01 - Physical & Environmental Protections](../scf/pes-01-physical&environmentalprotections.md)
- [PRI-01 - Data Privacy Program](../scf/pri-01-dataprivacyprogram.md)
Expand All @@ -86,9 +86,9 @@ In assessing the appropriate level of security account shall be taken in particu
- [TDA-01 - Technology Development & Acquisition](../scf/tda-01-technologydevelopment&acquisition.md)
- [THR-01 - Threat Intelligence Program](../scf/thr-01-threatintelligenceprogram.md)
- [TPM-01 - Third-Party Management](../scf/tpm-01-third-partymanagement.md)
- [VPM-01 - Vulnerability & Patch Management Program (VPMP)](../scf/vpm-01-vulnerability&patchmanagementprogram(vpmp).md)
- [VPM-01 - Vulnerability & Patch Management Program (VPMP)](../scf/vpm-01-vulnerability&patchmanagementprogramvpmp.md)
- [WEB-01 - Web Security](../scf/web-01-websecurity.md)
- [WEB-02 - Use of Demilitarized Zones (DMZ)](../scf/web-02-useofdemilitarizedzones(dmz).md)
- [WEB-02 - Use of Demilitarized Zones (DMZ)](../scf/web-02-useofdemilitarizedzonesdmz.md)

## Article 32.3
Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element by which to demonstrate compliance with the requirements set out in paragraph 1 of this Article.
Expand All @@ -99,7 +99,7 @@ Adherence to an approved code of conduct as referred to in Article 40 or an appr
- [GOV-01 - Cybersecurity & Data Protection Governance Program](../scf/gov-01-cybersecurity&dataprotectiongovernanceprogram.md)
- [GOV-02 - Publishing Cybersecurity & Data Protection Documentation](../scf/gov-02-publishingcybersecurity&dataprotectiondocumentation.md)
- [GOV-03 - Periodic Review & Update of Cybersecurity & Data Protection Program](../scf/gov-03-periodicreview&updateofcybersecurity&dataprotectionprogram.md)
- [IAO-01 - Information Assurance (IA) Operations](../scf/iao-01-informationassurance(ia)operations.md)
- [IAO-01 - Information Assurance (IA) Operations](../scf/iao-01-informationassuranceiaoperations.md)
- [PRI-01 - Data Privacy Program](../scf/pri-01-dataprivacyprogram.md)

## Article 32.4
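Review bot: The IAO-01 edit in this hunk is the third time `iao-01-informationassurance(ia)operations.md` is corrected in this one file, so a missed occurrence elsewhere is easy. A repository-wide search for any `](../scf/` link whose target still contains `(` would confirm that none remain, and running it as an automated check would keep new ones out.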
8 changes: 4 additions & 4 deletions gdpr/art34.md
Expand Up @@ -6,15 +6,15 @@
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

### Mapped SCF controls
- [IRO-07 - Integrated Security Incident Response Team (ISIRT)](../scf/iro-07-integratedsecurityincidentresponseteam(isirt).md)
- [IRO-07 - Integrated Security Incident Response Team (ISIRT)](../scf/iro-07-integratedsecurityincidentresponseteamisirt.md)
- [IRO-10 - Incident Stakeholder Reporting](../scf/iro-10-incidentstakeholderreporting.md)
- [IRO-11.2 - Coordination With External Providers](../scf/iro-112-coordinationwithexternalproviders.md)

## Article 34.2
The communication to the data subject referred to in paragraph 1 of this Article shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in points (b) , (c) and (d) of Article 33(3).

### Mapped SCF controls
- [IRO-07 - Integrated Security Incident Response Team (ISIRT)](../scf/iro-07-integratedsecurityincidentresponseteam(isirt).md)
- [IRO-07 - Integrated Security Incident Response Team (ISIRT)](../scf/iro-07-integratedsecurityincidentresponseteamisirt.md)
- [IRO-10 - Incident Stakeholder Reporting](../scf/iro-10-incidentstakeholderreporting.md)
- [IRO-11.2 - Coordination With External Providers](../scf/iro-112-coordinationwithexternalproviders.md)

Expand All @@ -25,7 +25,7 @@ The communication to the data subject referred to in paragraph 1 shall not be r
(c) it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

### Mapped SCF controls
- [IRO-07 - Integrated Security Incident Response Team (ISIRT)](../scf/iro-07-integratedsecurityincidentresponseteam(isirt).md)
- [IRO-07 - Integrated Security Incident Response Team (ISIRT)](../scf/iro-07-integratedsecurityincidentresponseteamisirt.md)
- [IRO-10 - Incident Stakeholder Reporting](../scf/iro-10-incidentstakeholderreporting.md)
- [IRO-11.2 - Coordination With External Providers](../scf/iro-112-coordinationwithexternalproviders.md)

Expand All @@ -35,7 +35,7 @@ If the controller has not already communicated the personal data breach to the d
<span class="bold"><span class="expanded">Data protection impact assessment and prior consultation

### Mapped SCF controls
- [IRO-07 - Integrated Security Incident Response Team (ISIRT)](../scf/iro-07-integratedsecurityincidentresponseteam(isirt).md)
- [IRO-07 - Integrated Security Incident Response Team (ISIRT)](../scf/iro-07-integratedsecurityincidentresponseteamisirt.md)
- [IRO-10 - Incident Stakeholder Reporting](../scf/iro-10-incidentstakeholderreporting.md)
- [IRO-11.2 - Coordination With External Providers](../scf/iro-112-coordinationwithexternalproviders.md)

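Review bot: The context line just above the `### Mapped SCF controls` heading in this hunk is leftover scraped markup, `<span class="bold"><span class="expanded">Data protection impact assessment and prior consultation`, with both spans left unclosed. It is the title of the section that follows Article 34 in the Regulation, not part of the article text, and unclosed inline HTML can affect how the link list below it renders. Suggest removing it in this cleanup pass.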