by layertec | Jul 10, 2020 | Compliance
The specific requirements of 27001: 2013 for information security risk assessment discuss the loss of CIA (confidentiality, integrity & availability) for risks associated within the scope to be assessed. By adopting ISO 27701 the scope will require extension to...
by layertec | Jul 10, 2020 | Compliance
Control area: 7.2 conditions for collection & processing. The sections within 27701 from 7 onwards look at guidance for both PII controllers and PII processors. The guidance for the collection and processing of PII suggests the following: The organisation...
by layertec | Jul 10, 2020 | Compliance
Organisations that hold current ISO 27001: 2013 registration will already have an information security policy in a documented format. ISO / IEC 27701: 2019 refers to PIMS guidance and policies for data security. The guidance advocates integrating or preparing a...
by layertec | Jul 10, 2020 | Compliance
Scope preparation is never an easy task. It is prudent to plan this early on. With ISO/IEC 27701: 2019 the addition of PII is important. However, the author has found that occasionally the organisation seeking extended scope forgets that it may well be a data...
by layertec | Jul 10, 2020 | Compliance
In section five of ISO 27701 the Standard outlines the need to extend the protection of privacy with regard to PII and information security. So, in simple terms, a 27001: 2013 certificate would just relate to information security whereas with 27701 this becomes...