The PIMS (Personal Information Management System) relates to the high-level standard Annex SL headings that form part of new management standards.
The core sections, such as context of the organisation, leadership, planning, support, operations, performance evaluation and improvement, will be familiar territory to many users of other standards. The new standard, ISO 27701, provides an interpretation of the high-level requirements and guidance on the controls from ISO 27002.
With regard to control selection, for which a user would refer to Annex A of ISO 27001, the new Standard provides guidance notes on interpreting the controls to be enhanced. ISO 27002 will be familiar as the basis for developing sound ISMS controls.
Sections seven and eight should assist the reader with the PII contractual obligations they hold regarding data processing. Section seven deals with PII for data controllers and section eight deals with PII for processors.
Of course, your organisation may be both a data controller and a processor, so both Annex A and Annex B at the rear of the Standard should be considered.
Both Annex A, for PII controllers, and Annex B, for PII processors, lay out guidance on the appropriate PII controls to be adopted.
For further information and to book your ISO 27701 survey, please contact: Marcus J Allen at Thamer James Ltd. Email: [email protected]
Marcus has twenty years' experience in information security standards and has assisted numerous organisations in gaining registration to ISO 27001. He holds a BSI 27001 lead auditor certificate and BSI qualifications in 27701. In addition, Marcus is a Certified Data Protection Officer, a qualified GDPR practitioner and a member of the National Association of Data Protection Officers.