Acceptance criteria
| Criterion | Required | Status |
|---|---|---|
| DPIA signed by DPO | Yes | Met |
| Mitigation plan attached | Yes | Met |
| Residual privacy risk accepted | Yes | Met |
| Review renewal date set | Yes | Due in 180 days |
Evidence & Audit Trail
Evidence must be a governed record with identity, source, version, reviewer, acceptance criteria, expiry, linked controls, linked obligations, and audit reference.
EV-HR-001
DPIA Approval - HR Screening Assistant
Accepted privacy impact assessment for HR-AI-001. Linked to personal-data obligation, DPIA control, pilot approval gate, and audit pack.
Evidence IDEV-HR-001
Linked use caseHR-AI-001 Screening Assistant
Source systemSharePoint Evidence Store
Versionv1.3
ReviewerDPO Office
StatusAccepted
Linked obligationOBL-PRIV-02
Linked controlCTRL-DPIA-01
Expiry180 days
Evidence quality rules
Evidence should not count toward readiness unless it has a source, reviewer, acceptance criteria, linked obligation/control, version, timestamp, and expiry/renewal treatment.
| Status | Meaning | Counts toward readiness? |
|---|---|---|
| Accepted | Reviewed and accepted against criteria. | Yes |
| Conditional | Accepted with explicit conditions or time-bound remediation. | Partial |
| Rejected | Failed criteria or missing proof. | No |
| Expired | Past renewal date or superseded by policy change. | No |