Thamer James Blog
Governance, Risk & Compliance

ISO 27701 Consultant – Policy
Organisations that hold current ISO 27001:2013 registration will already have an information security policy in a documented format. ISO/IEC 27701:2019 refers to PIMS guidance and policies for data security. The guidance advocates integrating or preparing a...
ISO 27701 Consultant – Scope issues
Scope preparation is never an easy task, so it is prudent to plan it early on. With ISO/IEC 27701:2019 the addition of PII is important. However, the author has found that occasionally the organisation seeking an extended scope forgets that it may well be a data...
ISO 27701 Consultant – Context of organisation
In section five of ISO 27701 the Standard outlines the need to extend the protection of privacy with regard to PII and information security. So, in simple terms, a 27001:2013 certificate would relate only to information security, whereas with 27701 this becomes...
ISO 27701 Consultant – Structure of 27701
The PIMS (Privacy Information Management System) follows the high-level Annex SL structure that forms part of new management system standards. The core sections such as context of the organisation, leadership, planning, support, operation, performance evaluation and...
ISO 27701 Consultant – Return & disposal of PII
Control area: 8.4.2 Return, transfer & disposal of PII

Occasionally, when data controllers end relationships with data processors, disputes break out over the ownership and return of PII. Indeed, prior to the GDPR, the agreements in place were often vague or ambiguous...
ISO 27701 Consultant – PIMS Guidance
Once the organisation has mastered the interpretation of the PIMS-specific requirements relating to ISO 27001:2013, attention can then be focussed upon the guidance for enhancement of the PII controls. Normally an entity would select controls from...