Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Agenda
• Introduction
• Setting the scene… regulations vs best practices
• ISO27701 fundamentals (ISMS, Privacy & GDPR)
• ISO27701 PIMS: main structure
• Quick walkthrough of extensions
• Next steps…
• Q & A
Introduction
Peter Geelen (CyberMinute)
My experience
• 20+ years experience in security
• Enterprise Security & IAM
• Cybersecurity
• Data Protection & Privacy
• Incident management, Disaster Recovery
• Trainer, coach, auditor
Certification
• ISO27001 Master, Lead ISO27002
• Lead Implementer ISO27701
• Certified DPO & Fellow In Privacy
• Lead Incident Mgr & Disaster Recovery
• ISO27032 Sr. Lead Cybersecurity Mgr
• Lead ISO27005 (Risk Mgmt)
Accreditation
• Accredited ISO27001/9001 Lead auditor
• Accredited Security Trainer
More info (LinkedIn): https://cybr.cc/peter
http://www.cyberminute.com
peter@cyberminute.com
Before we start…
Setting the scene
Keep in mind…
• Best practices ≠ regulations
• ISO Requirements vs guidelines
• Privacy ≠ Data Protection
• Data protection ≠ Information Security
• PII vs Personal Data
• International vs. Regional
What I mean is…
• Best practices ≠ regulations
  ISO = best practice, YOU choose to implement… or not.
  GDPR, NIS, Cyberact, eCommunication … = law (no choice to implement)
• ISO Requirements vs guidelines
  Requirement = part of audit
  Guidelines = suggestions, advice to implement
• Privacy ≠ Data Protection
  GDPR = data protection (NOT PRIVACY)
  Privacy = ISO29100/ISO29151
  Data of subject (aka PII Principal)
• Data protection ≠ Information Security
  ISO27001 = Information Security
  Enterprise data
• PII vs Personal Data
  ISO vs. GDPR vs. NIST
• International vs. Regional
  ISO = International
  Regional:
  GDPR (EU, but …)
  NIST (US, but…)
  …
Getting started
The ISO27701 fundamentals…
ISO27701 builds on…
Information security
• ISO27001 (Info Security - Requirements)
• ISO27002 (Info Security - Code of Practice)
• ISO27018 (PII in public cloud)
Privacy
• ISO29100 (Privacy Framework) (*)
• ISO29151 (PII Protection - Code of Practice)
• ISO29134 (PIA)
Data protection
• GDPR (*)
Some more help from …
Incident management
• ISO27035
• NIST.SP.800-61r2 (Computer Security Incident Handling Guide) (*)
Risk management
• ISO27005
• NIST Risk management Framework (*)
Vocabulary
• ISO27000 (*)
Check the free ISO downloads at: http://ffwd2.me/FreeISO
How much of each?
(Figure: chart comparing the contribution of ISO27001, ISO27002, ISO27701, EU GDPR, ISO29100 and ISO29151)
ISO27701 PIMS
Main structure
1-3. the ISO defaults
4. General
5. PIMS requirements - ISO27001
6. PIMS requirements - ISO27002
7. +ISO27002 guidance for PII Controllers
8. +ISO27002 guidance for PII Processors
Annex A-F
A. Reference control objectives for controllers
B. Reference control objectives for processors
C. Mapping to ISO29100
D. Mapping to GDPR
E. Mapping to ISO27018 and ISO29151
F. How to apply ISO27701 to ISO27001/2
Main structure (underlying ISO27001)
Contains
• 10 Clauses
• + Annex
Annex:
— 14 control clauses
— 35 categories
— 114 controls / measures
ISO27002 = ISO27001 Annex + guidance
ISO27001 main principle: PDCA
(Figure: the Plan-Do-Check-Act cycle rolling up a slope of quality improvement over time, with the standard as the wedge that provides quality assurance)
Source: PECB ISO27001 Lead Implementer
PDCA in ISO27001
(Figure: the PDCA cycle mapped onto the ISO27001 clauses)
• Clause 4: Context of the organization
• Clause 5: Leadership
• Clause 6: Planning
• Clause 7: Support
• Clause 8: Operation
• Clause 9: Performance evaluation
• Clause 10: Improvement
• Annex A: Control objectives and controls
Key message in ISO27701
5.1 General
'/../ The requirements of ISO/IEC 27001:2013 mentioning "information security" shall be extended to the protection of privacy as potentially affected by the processing of PII.
NOTE In practice, where "information security" is used in ISO/IEC 27001:2013, "information security and privacy" applies instead (see Annex F). /../'
4.4 Customer (FYI)
= subject/enterprise in case of controller
= controller in case of processor
= processor in case of subprocessor
ISO27701 mapping to ISO27001
4.3 ISO27001 requirements (ISO27701 Clause 5)
ISO27701  Topic                     ISO27001  Remark
5.2       Context of organisation   4         Changed
5.3       Leadership                5         Direct
5.4       Planning                  6         Changed
5.5       Support                   7         Direct
5.6       Operation                 8         Direct
5.7       Performance evaluation    9         Direct
5.8       Improvement               10        Direct
ISO27701 mapping to ISO27002
4.3 ISO27002 requirements (ISO27701 Clause 6)
ISO27701  Topic                          ISO27002  Remark
6.2       Policies                       5         Changed
6.3       Organisation                   6         Changed
6.4       HR                             7         Changed
6.5       Asset Management               8         Changed
6.6       Access Control                 9         Changed
6.7       Cryptography                   10        Changed
6.8       Physical and environment       11        Changed
6.9       Operations                     12        Changed
6.10      Communications                 13        Changed
6.11      Acquisition, Dev & mainten.    14        Changed
6.12      Suppliers                      15        Changed
6.13      Incident Mgmt                  16        Changed
6.14      Business Continuity            17        Direct
6.15      Compliance                     18        Changed
ISO27701: Quick walkthrough of extensions
(*) Not all extensions covered
Most prominent extensions…
5.2 Context
Important extension of:
• Needs and expectations of interested parties
• Applicable legislation
• Management system scope (InfoSec + PII)
5.4 Risk assessment
Important extension of:
• Risk assessment aka PIA
• Risk treatment
6. PIMS in ISO27002
Important extension of:
• Policies (now including PII)
• ISMS Roles (ref. CISO + now DPO)
• Training and awareness (everyone involved in PII treatment)
• (!) MEDIA HANDLING
  Ref. Data breaches (GDPR)
  Encryption, secure disposal, …
• Identity Management (part of access control)
  Do not re-issue userIDs
  User tracking
• Information Backup
• Event logging
• Log protection
• System development & acquisition (see module 7 & 8)
• Test data
  DO NOT USE PII for test data (use dummy or synthetic)
• INCIDENT MANAGEMENT (ref. GDPR data breaches)
• Compliance (legislation !, IP, data protection, …)
7. Guidance for controllers
Ref. GDPR subject rights & controller responsibility
• Purpose definition
• Lawful basis
• Consent management
• PIA
• PII Process contracting
• Subject rights ("PII principal")
  Information
  Object to processing
  Copy of PII data
  Request handling
• Privacy by design (GDPR = "data protection by design")
• Privacy by default (GDPR = "data protection by default")
• Data minimization principles
• Accuracy & quality
• De-identification & disposal
• PII sharing, transfer & disclosure
  Incl. ref to international legislation
8. Guidance for processors
Ref. controller vs processor responsibility
• Agreement (to delegate obligations)
• Marketing & advertisement
• Conflict of interest (or legal conflicts)
• PbD & PbDef
• Temporary files
• PII transfer & disposal
• (!) transfer between jurisdictions
• Disclosure requests
Annex A: control objectives for controllers
Annex B: control objectives for processors
Not all of the control objectives and controls listed in these annexes need to be included in the PIMS implementation.
When excluded: explanation in SoA (Statement of Applicability).
Annex A: control objectives for controllers (31)
A.7.2 Conditions for collection and processing (8)
A.7.3 Obligations to PII Principals (10)
A.7.4 Privacy by design and privacy by default (9)
A.7.5 PII Sharing, transfer and disclosure (4)
Annex B: control objectives for processors (18)
B.8.2 Conditions for collection and processing (6)
B.8.3 Obligations to PII Principals (1)
B.8.4 Privacy by design and privacy by default (3)
B.8.5 PII Sharing, transfer and disclosure (8)
Annex C: mapping to ISO29100
Controllers: 11 modules (44 controls)
Processors: 9 modules (20 controls)
Annex D: mapping to GDPR
• Table on 3 pages ;)
Annex E-F
• ISO 27018/29151
• How to apply (Info sec > "info sec + privacy")
  Standard as is
  Addition (additional requirements)
  Refinement
Ramping up…
Relevant PECB Training courses
PIMS
• PECB ISO 27701 LI (4+1) (LA to be announced)
Information Security
• PECB ISO27001 LI (4+1) (+LA, 4+1)
• PECB ISO27002 LM (4+1)
Data protection
• PECB Certified Data protection Officer (4+1)
Privacy
• PECB ISO29100 LI (4+1)
Incident Management
• PECB ISO 27035 LI (4+1)
Risk Management
• PECB ISO 27005 LI (4+1)
Check the PECB agenda, select the ISO/IEC 27701 Lead Implementer:
https://pecb.com/en/partnerEvent/event_schedule_list
Appendix
Relevant Training
PECB ISO 27701
https://pecb.com/en/education-and-certification-for-individuals/iso-27701
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-27701/iso-iec-27701-lead-implementer
PECB ISO 27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-implementer
Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor
PECB ISO 27002
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
Lead Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002/iso-iec-27002-lead-manager
PECB GDPR
https://pecb.com/en/education-and-certification-for-individuals/gdpr
CDPO
https://pecb.com/en/education-and-certification-for-individuals/gdpr/certified-data-protection-officer
PECB ISO29100
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer/iso-29100-lead-privacy-implementer
PECB ISO27035 - Incident Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
Lead Incident Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035/iso-iec-27035-lead-incident-manager
PECB ISO27005 - Risk Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
Lead Risk Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-27005-lead-risk-manager
ISO/IEC 27701 Training Courses
• ISO/IEC 27701 Foundation: 2 Day Course
• ISO/IEC 27701 Lead Implementer: 5 Day Course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-27701
www.pecb.com/events
THANK YOU
Q & A
info@cyberminute.com
CyberMinute

Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 
ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?
 

Recently uploaded

HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfMohonDas
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICESayali Powar
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxAditiChauhan701637
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxheathfieldcps1
 
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Dr. Asif Anas
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17Celine George
 
How to Send Emails From Odoo 17 Using Code
How to Send Emails From Odoo 17 Using CodeHow to Send Emails From Odoo 17 Using Code
How to Send Emails From Odoo 17 Using CodeCeline George
 
10 Topics For MBA Project Report [HR].pdf
10 Topics For MBA Project Report [HR].pdf10 Topics For MBA Project Report [HR].pdf
10 Topics For MBA Project Report [HR].pdfJayanti Pande
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfYu Kanazawa / Osaka University
 
Optical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptxOptical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptxPurva Nikam
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsEugene Lysak
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptxraviapr7
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...raviapr7
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17Celine George
 
Ultra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxUltra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxDr. Asif Anas
 
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya
 
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustVani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustSavipriya Raghavendra
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptxmary850239
 

Recently uploaded (20)

HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdf
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICE
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 
March 2024 Directors Meeting, Division of Student Affairs and Academic Support
March 2024 Directors Meeting, Division of Student Affairs and Academic SupportMarch 2024 Directors Meeting, Division of Student Affairs and Academic Support
March 2024 Directors Meeting, Division of Student Affairs and Academic Support
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptx
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptx
 
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17
 
How to Send Emails From Odoo 17 Using Code
How to Send Emails From Odoo 17 Using CodeHow to Send Emails From Odoo 17 Using Code
How to Send Emails From Odoo 17 Using Code
 
10 Topics For MBA Project Report [HR].pdf
10 Topics For MBA Project Report [HR].pdf10 Topics For MBA Project Report [HR].pdf
10 Topics For MBA Project Report [HR].pdf
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
 
Optical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptxOptical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptx
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George Wells
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17
 
Ultra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxUltra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptx
 
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
 
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustVani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptx
 

Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard

2. Agenda
• Introduction
• Setting the scene… regulations vs best practices
• ISO27701 fundamentals (ISMS, Privacy & GDPR)
• ISO27701 PIMS: main structure
• Quick walkthrough of extensions
• Next steps…
• Q & A

4. Peter Geelen (CyberMinute)
My experience
• 20+ years experience in security
• Enterprise Security & IAM
• Cybersecurity
• Data Protection & Privacy
• Incident management, Disaster Recovery
• Trainer, coach, auditor
Certification
• ISO27001 Master, Lead ISO27002
• Lead Implementer ISO27701
• Certified DPO & Fellow In Privacy
• Lead Incident Mgr & Disaster Recovery
• ISO27032 Sr. Lead Cybersecurity Mgr
• Lead ISO27005 (Risk Mgmt)
Accreditation
• Accredited ISO27001/9001 Lead auditor
• Accredited Security Trainer
More info (LinkedIn): https://cybr.cc/peter
http://www.cyberminute.com
peter@cyberminute.com
6. Keep in mind…
• Best practices ≠ regulations
• ISO Requirements vs guidelines
• Privacy ≠ Data Protection
• Data protection ≠ Information Security
• PII vs Personal Data
• International vs. Regional

7. What I mean is…
• Best practices ≠ regulations
  ISO = best practice, YOU choose to implement… or not.
  GDPR, NIS, Cyberact, eCommunication … = law (no choice to implement)
• ISO Requirements vs guidelines
  Requirement = part of audit
  Guidelines = suggestions, advice to implement

8. What I mean is…
• Privacy ≠ Data Protection
  GDPR = data protection (NOT PRIVACY)
  Privacy = ISO29100/ISO29151
  Data of subject (aka PII Principal)
• Data protection ≠ Information Security
  ISO27001 = Information Security
  Enterprise data
• PII vs Personal Data
  ISO vs. GDPR vs. NIST

9. What I mean is…
• International vs. Regional
  ISO = International
  Regional:
  GDPR (EU, but …)
  NIST (US, but…)
  …
10. Getting started
The ISO27701 fundamentals…

11. ISO27701 builds on…
Information security
• ISO27001 (Info Security - Requirements)
• ISO27002 (Info Security - Code of Practice)
• ISO27018 (PII in public cloud)
Privacy
• ISO29100 (Privacy Framework) (*)
• ISO29151 (PII Protection - Code of Practice)
• ISO29134 (PIA)
Data protection
• GDPR (*)

12. Some more help from …
Incident management
• ISO27035
• NIST.SP.800-61r2 (Computer Security Incident Handling Guide) (*)
Risk management
• ISO27005
• NIST Risk management Framework (*)
Vocabulary
• ISO27000 (*)
Check the free ISO downloads at: http://ffwd2.me/FreeISO

13. How much of each?
• ISO27001
• ISO27002
• ISO27701
• EU GDPR
• ISO29100
• ISO29151
15. Main structure
1-3. the ISO defaults
4. General
5. PIMS requirements - ISO27001
6. PIMS requirements - ISO27002
7. +ISO27002 guidance for PII Controllers
8. +ISO27002 guidance for PII Processors
Annex A-F

16. Main structure
A. Reference control objectives for controllers
B. Reference control objectives for processors
C. Mapping to ISO29100
D. Mapping to GDPR
E. Mapping to ISO27018 and ISO29151
F. How to apply ISO27701 to ISO27001/2

17. Main structure
ISO27002 = ISO27001 Annex + guidance
Contains
• 10 Clauses
• + Annex
Annex:
— 14 control clauses
— 35 categories
— 114 controls / measures
18. ISO27001 main principle: PDCA
Figure: PDCA cycle (Plan, Do, Check, Act); axes: Time, Quality Improvement; labels: Quality Assurance, Standard

19. PDCA in ISO27001
Clause 4 Context of the organization
Clause 5 Leadership
Clause 6 Planning
Clause 7 Support
Clause 8 Operation
Clause 9 Performance evaluation
Clause 10 Improvement
Annex A Control objectives and controls
Source: PECB ISO27001 Lead Implementer
20. Key message in ISO27701
5.1. General
'/../ The requirements of ISO/IEC 27001:2013 mentioning "information security" shall be extended to the protection of privacy as potentially affected by the processing of PII.
NOTE In practice, where "information security" is used in ISO/IEC 27001:2013, "information security and privacy" applies instead (see Annex F). /../'

21. FYI
4.4. Customer
= subject/enterprise in case of controller
= controller in case of processor
= processor in case of subprocessor
22. ISO27701 mapping to ISO27001
4.3 ISO27001 requirements (ISO27701 Clause 5)
ISO27701 | Topic | ISO27001 | Remark
5.2 | Context of organisation | 4 | Changed
5.3 | Leadership | 5 | Direct
5.4 | Planning | 6 | Changed
5.5 | Support | 7 | Direct
5.6 | Operation | 8 | Direct
5.7 | Performance evaluation | 9 | Direct
5.8 | Improvement | 10 | Direct

23-24. ISO27701 mapping to ISO27002
4.3 ISO27002 requirements (ISO27701 Clause 6)
ISO27701 | Topic | ISO27002 | Remark
6.2 | Policies | 5 | Changed
6.3 | Organisation | 6 | Changed
6.4 | HR | 7 | Changed
6.5 | Asset Management | 8 | Changed
6.6 | Access Control | 9 | Changed
6.7 | Cryptography | 10 | Changed
6.8 | Physical and environment | 11 | Changed
6.9 | Operations | 12 | Changed
6.10 | Communications | 13 | Changed
6.11 | Acquisition, Dev & mainten. | 14 | Changed
6.12 | Suppliers | 15 | Changed
6.13 | Incident Mgmt | 16 | Changed
6.14 | Business Continuity | 17 | Direct
6.15 | Compliance | 18 | Changed
25. ISO27701 Quick walkthrough of extensions
(*) Not all extensions covered

26. Most prominent extensions… 5.2 Context
Important extension of:
• Needs and expectations of interested parties
• Applicable legislation
• Management system scope (InfoSec + PII)

27. Most prominent extensions… 5.4 Risk assessment
Important extension of:
• Risk assessment aka PIA
• Risk treatment

28. Most prominent extensions… 6. PIMS in ISO27002
Important extension of:
• Policies (now including PII)
• ISMS Roles (ref. CISO + now DPO)
• Training and awareness (everyone involved in PII treatment)
• (!) MEDIA HANDLING
  Ref. Data breaches (GDPR)
  Encryption, secure disposal, …
• Identity Management (part of access control)
  Do not re-issue userIDs
  User tracking

29. Most prominent extensions… 6. PIMS in ISO27002
Important extension of:
• Information Backup
• Event logging
• Log protection
• System development & acquisition (see module 7 & 8)
• Test data
  DO NOT USE PII for test data (use dummy or synthetic)
• INCIDENT MANAGEMENT (ref. GDPR data breaches)
• Compliance (legislation !, IP, data protection, …)
30. Most prominent extensions… 7. Guidance for controllers
Ref. GDPR subject rights & controller responsibility
• Purpose definition
• Lawful basis
• Consent management
• PIA
• PII Process contracting
• Subject rights ("PII principal")
  Information
  Object to processing
  Copy of PII data
  Request handling

31. Most prominent extensions… 7. Guidance for controllers
Ref. GDPR subject rights & controller responsibility
• Privacy by design (GDPR = "data protection by design")
• Privacy by default (GDPR = "data protection by default")
• Data minimization principles
• Accuracy & quality
• De-identification & disposal
• PII sharing, transfer & disclosure
  Incl. ref to international legislation

32. Most prominent extensions… 8. Guidance for processors
Ref. controller vs processor responsibility
• Agreement (to delegate obligations)
• Marketing & advertisement
• Conflict of interest (or legal conflicts)
• PbD & PbDef
• Temporary files
• PII transfer & disposal
• (!) transfer between jurisdictions
• Disclosure requests
33. Most prominent extensions… Annex A: control objectives for controllers
Not all of the control objectives and controls listed in this annex need to be included in the PIMS implementation.
When excluded: explanation in SoA (Statement of Applicability).

34. Most prominent extensions… Annex B: control objectives for processors
Not all of the control objectives and controls listed in this annex need to be included in the PIMS implementation.
When excluded: explanation in SoA (Statement of Applicability).

35. Most prominent extensions… Annex A: control objectives for controllers (31)
A.7.2 Conditions for collection and processing (8)
A.7.3 Obligations to PII Principals (10)
A.7.4 Privacy by design and privacy by default (9)
A.7.5 PII Sharing, transfer and disclosure (4)

36. Most prominent extensions… Annex B: control objectives for processors (18)
A.8.2 Conditions for collection and processing (6)
A.8.3 Obligations to PII Principals (1)
A.8.4 Privacy by design and privacy by default (3)
A.8.5 PII Sharing, transfer and disclosure (8)

37. Most prominent extensions… Annex C: mapping to ISO29100
Controllers: 11 modules (44 controls)
Processors: 9 modules (20 controls)

38. Most prominent extensions…
Annex D: mapping to GDPR
• Table on 3 pages ;)
Annex E-F
• ISO 27018/29151
• How to apply (Info sec > "info sec + privacy")
  Standard as is
  Addition (additional requirements)
  refinement
39. Ramping up…
Relevant PECB Training courses

40. Relevant Training
PIMS
• PECB ISO 27701 LI (4+1) (LA to be announced)
Information Security
• PECB ISO27001 LI (4+1) (+LA, 4+1)
• PECB ISO27002 LM (4+1)
Data protection
• PECB Certified Data protection Officer (4+1)
Privacy
• PECB ISO29100 LI (4+1)

41. Relevant Training
Incident Management
• PECB ISO 27035 LI (4+1)
Risk Management
• PECB ISO 27005 LI (4+1)

42. Relevant Training
Check the PECB agenda, select the ISO/IEC 27701 Lead Implementer
https://pecb.com/en/partnerEvent/event_schedule_list
(Screenshot: "Training Events. For full detailed information about an event click on the 'View' button on the right hand side under 'View full details'. Note: Before applying for any training courses listed below, please make sure you are registered to PECB")
44. Relevant Training
PECB ISO 27701
https://pecb.com/en/education-and-certification-for-individuals/iso-27701
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-27701/iso-iec-27701-lead-implementer

45. Relevant Training
PECB ISO 27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-implementer
Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor

46. Relevant Training
PECB ISO 27002
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
Lead Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002/iso-iec-27002-lead-manager

48. Relevant Training
PECB ISO29100
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer/iso-29100-lead-privacy-implementer

49. Relevant Training
PECB ISO27035 - Incident Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
Lead Incident Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035/iso-iec-27035-lead-incident-manager

50. Relevant Training
PECB ISO27005 - Risk Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
Lead Risk Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-27005-lead-risk-manager

51. ISO/IEC 27701 Training Courses
• ISO/IEC 27701 Foundation 2 Day Course
• ISO/IEC 27701 Lead Implementer 5 Days Course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-27701
www.pecb.com/events

Editor's Notes

  1. Vocabulary is important. To understand ISO27701 you need some background.
  2. Some examples: PCI-DSS (Payment Card Industry - Data Security Standard); GDPR = law.
  3. In ISO the requirements can be 'scoped': you can choose to which extent you apply the principles in your organization, from a specific service, department or part of the company to the whole company, or even beyond (incl. customers).
  4. Privacy: your identity, what you do at home…, who you are. Data protection: protecting data ABOUT you, what is known about you. ISO = best practice, GDPR = law, NIST = advisory.
  5. Keep in mind: application of GDPR can be modified by national legislation, to a certain level. E.g. the definition of a child's age (to decide without an adult) = 16y; some national laws have lowered that limit to 13.
  6. Reference: ISO27701 Introduction, 2. Normative References.
  7. As explained in the DPO course, these principles from GDPR apply in other international privacy regulations & legislation too…
  8. Lead Auditor for ISO27001; ISO27701 (to be launched).
  9. (ISO/IEC 27701 Lead Auditor will be published soon)
  10. The PECB Store is PECB's new business line that officially launched on October 3, 2019. We invite you to take a look at this new e-commerce platform and its products by clicking this link: https://store.pecb.com. Some of the products that you will find available on the PECB Store are ISO and/or IEC standards, which will be sold at a very convenient price. You can also purchase ISO 27701:2019 for only 171 USD. If you have any further questions regarding the PECB Store please contact us at store@pecb.com.