by layertec | Jul 10, 2020 | Compliance
Control area: 7.4 Privacy by design. The control area from 27002 examines how an organisation addresses PII privacy through design and the selection of controls to reduce PII loss. Most data controllers and indeed processors of PII would try to limit the amounts of...
by layertec | Jul 10, 2020 | Compliance
Control area: 7.2.7 Joint PII Controller. Joint data controller situations are always an interesting debate. In simplistic terms it means that both entities ‘control purpose and means’ of the PII. The control intimates that the joint data controllers should determine...
by layertec | Jul 10, 2020 | Compliance
Control area: 7.2 conditions for collection & processing. The section within 27701 from 7 onwards looks at guidance for both PII controllers and PII processors. The guidance for the collection and processing of PII suggests the following: The organisation...
by layertec | Jul 10, 2020 | Compliance
The specific requirements of 27001:2013 for information security risk assessment discuss the loss of CIA (confidentiality, integrity & availability) of risks associated within the scope to be assessed. By adopting ISO 27701 the scope will require extension to...
by layertec | Jul 10, 2020 | Compliance
Organisations that hold current ISO 27001:2013 registration will already have an information security policy in a documented format. ISO/IEC 27701:2019 refers to PIMS guidance and policies for data security. The guidance advocates integrating or preparing a...