Thamer James Blog
Governance, Risk & Compliance
Customer Vulnerability Consultant – Accessibility
One key area within a customer vulnerability programme is to address accessibility. This should be seen in the context of the organisation’s offerings. The products and services offered should be considered against all the needs and expectations of customer...
Customer Vulnerability Consultant – Defining Vulnerability
Customers of an organisation are all different. They will have a wide range of abilities, and some issues will not be so clearly defined. Circumstances can change rapidly, as we have seen during the coronavirus pandemic, and overnight people that were financially or...
ISO 27701 Consultant – Privacy by design
Control area: 7.4 Privacy by design. The control area from 27002 examines how an organisation addresses PII privacy through design and the selection of controls to reduce PII loss. Most data controllers and indeed processors of PII would try to limit the amounts of...
ISO 27701 Consultant – Joint PII controller
Control area: 7.2.7 Joint PII Controller. Joint data controller situations are always an interesting debate. In simplistic terms it means that both entities ‘control purpose and means’ of the PII. The control intimates that the joint data controllers should determine...
ISO 27701 Consultant – Risk treatment
The specific requirements of 27001:2013 for information security risk assessment discuss the loss of CIA (confidentiality, integrity & availability) of risks associated within the scope to be assessed. By adopting ISO 27701 the scope will require extension to...
ISO 27701 Consultant – Conditions for collection
Control area: 7.2 Conditions for collection & processing. The sections within 27701 from 7 onwards look at guidance for both PII controllers and PII processors. The guidance for the collection and processing of PII suggests the following: The organisation...