ISO 27701 Consultant – Scope issues

Scope preparation is never an easy task. It is prudent to plan this early on. With ISO/IEC 27701: 2019 the addition of PII is important. However, the author has found that occasionally the organisation seeking extended scope forgets that it may well be a data...

ISO 27701 Consultant – Context of organisation

In section five of ISO 27701 the Standard outlines the need to extend the protection of privacy with regard to PII and information security. So, in simple terms, a 27001: 2013 certificate would just relate to information security whereas with 27701 this becomes...

ISO 27701 Consultant – Structure of 27701

The PIMS (Personal Information Management System) relates to the high-level standard Annex SL headings that form part of new management standards. The core sections such as context of organisation, leadership, planning, support, operations, performance evaluation and...

ISO 27701 Consultant – Return & disposal of PII

Control area: 8.4.2 Return, transfer & disposal of PII

Occasionally, when data controllers end relationships with data processors, disputes break out as to the ownership and return of PII. Indeed, prior to the GDPR, agreements in place were often vague or ambiguous...

ISO 27701 Consultant – PIMS Guidance

Once the organisation has mastered the interpretations of the PIMS-specific requirements relating to ISO 27001: 2013 the Standard, attention can then be focussed upon the guidance for enhancements of the PII controls. Normally an entity would select controls from...