by layertec | Jul 10, 2020 | Compliance
Scope preparation is never an easy task. It is prudent to plan this early on. With ISO/IEC 27701:2019 the addition of PII is important. However, the author has found that occasionally the organisation seeking extended scope forgets that it may well be a data...
by layertec | Jul 10, 2020 | Compliance
In section five of ISO 27701 the Standard outlines the need to extend the protection of privacy with regard to PII and information security. So, in simple terms, a 27001:2013 certificate would just relate to information security, whereas with 27701 this becomes...
by layertec | Jul 10, 2020 | Compliance
The PIMS (Personal Information Management System) relates to the high-level standard Annex SL headings that form part of new management standards. The core sections such as context of the organisation, leadership, planning, support, operations, performance evaluation and...
by layertec | Jul 10, 2020 | Compliance
Control area: 8.4.2 Return, transfer & disposal of PII. Occasionally, when data controllers end relationships with data processors, disputes break out as to the ownership and return of PII. Indeed, prior to the GDPR, agreements in place were often vague or ambiguous...
by layertec | Jul 10, 2020 | Compliance
Once the organisation has mastered the interpretations of the PIMS-specific requirements relating to ISO 27001:2013 in the Standard, attention can then be focussed upon the guidance for enhancements of the PII controls. Normally an entity would select controls from...