Compliance Justification Document (FTC v. Wyndham Worldwide Corp.)
Map controls to the stipulated order and assessment expectations.
Purpose
This mapping document shows how implemented controls satisfy obligations and expectations implicated by FTC v. Wyndham Worldwide Corp. It is structured for audit and legal review, so each requirement is tied to implementation rationale, ownership, and verifiable artifacts rather than policy statements alone.
Control-to-order mapping (summary)
| Order theme (illustrative) | Control / evidence | Optional framework mapping |
|---|---|---|
| Comprehensive information security program | Approved program document; governance charter; risk assessments | PR.IP, ID.RA |
| Payment card data protection | CDE inventory; encryption and tokenization where applicable; access enforcement | PR.DS, PR.AC |
| Franchise/property connectivity risk | Network diagrams; firewall and routing standards; connection approvals | PR.AC, DE.CM |
| Logging and monitoring | Log inventory; retention; alerting and IR tickets | DE.CM, RS.AN |
| Assessments (PCI DSS–related per order) | Assessor reports; remediation tracking; management responses | CA.* |
| Recordkeeping and certifications | Document retention policy; certification process and sign-off records | GV.OC |