Introduction to ISO-IEC 27701-2019 and Privacy Information Systems (PIMS)
3 hours 39 minutes
Welcome to Module 2.8.
Introduction to ISO/IEC 27701:2019
and privacy information management systems, or PIMS.
As we wrap up Module 2, we're going to explore two frameworks. The first will be ISO/IEC 27701 and what it covers. And the second will be in Module 2.9, which is the new NIST Privacy Framework.
In this module, though, we'll focus on 27701, and we'll also understand what specifically is in the outline for ISO 27701.
So what does ISO 27701 cover?
It specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a privacy information management system in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
So the neat thing about this as a standard is that not only does it apply to
an information management system as it relates to privacy, but also to the management of your overall program.
So it's a nice way to either measure or compare your current program to the new standard or build it off of this standard.
The outline of ISO 27701
specifically relates to
general, leadership, planning, support,
operation, performance evaluation and improvement.
General information security policies,
organization of information security, human resource security, asset management, access control, cryptography, physical and environmental security, operations security, communications security, system acquisition, supplier relationships, incident management,
business continuity and compliance are all covered under ISO 27701.
Some of this probably looks familiar based off of the previous modules.
In addition to what was covered,
there is guidance for PII controllers, PII processors,
and an annex that covers controls and objectives for PII controllers and processors,
mapping the general data and mapping to other issues.
Specifically for PII controllers, in the first bullet, conditions for collection and processing, privacy by design and privacy by default,
and PII sharing, transfer and disclosure are covered.
In the second bullet, PII processors, conditions for collection and processing, obligations for PII principals, and PII sharing, transfer and disclosure are all covered.
Let's take a look at an excerpt.
In this example we see how some of the terms from ISO/IEC 27001 are now mapped into ISO/IEC 27701.
In the previous ISO standard,
information security stood alone.
In the new ISO 27701,
information security is now joined
by the term privacy.
Also, if you look at the fourth row, information security management systems,
or ISMS, is now privacy information management systems, or PIMS.
Is ISO 27701 a certification?
The answer's no. However, vendors can provide an attestation that they comply with 27701.
Quiz question: When did ISO/IEC 27701 get announced?
Is it one, 2013; two, 2016; or three, 2019?
It was announced in 2019.
I firmly believe this framework is solid and, because of its
recent announcement, is something that you can either measure your current program on
or build your new privacy program on, the ISO 27701 standard.
In this module we discussed the ISO/IEC 27701 standard and reviewed the ISO/IEC 27701 outline.