Introduction to ISO/IEC 27701:2019 and Privacy Information Management Systems (PIMS)

Video Transcription
00:01
Welcome to Module 2.8.
00:03
Introduction to ISO/IEC 27701:2019
00:09
and privacy information management systems, or PIMS.
00:14
As we wrap up Module 2, we're going to explore two frameworks. The first will be ISO/IEC 27701 and what it covers, and the second will be in Module 2.9, which is the new NIST Privacy Framework.
00:26
In this module, though, we'll focus on 27701, and we'll also understand what specifically is in the outline for ISO 27701.
00:37
So what does ISO 27701 cover?
00:39
It specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a privacy information management system, in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
00:58
So the neat thing about this standard is that not only does it apply to
01:03
an information management system as it relates to privacy, but also to the management of your overall program.
01:11
So it's a nice way to either measure or compare your current program against the new standard, or to build your program off of this standard.
01:21
The outline of ISO 27701
01:25
specifically relates to
01:26
general, leadership, planning, support,
01:29
operation, performance evaluation and improvement.
01:34
Also
01:34
general information security policies.
01:37
organization of information security, human resource security, asset management, access control, cryptography, physical and environmental security, operations security, communications security, system acquisition, supplier relationships, incident management,
01:53
business continuity and compliance are all covered under ISO 27701.
02:00
Some of this probably looks familiar based off of the previous modules.
02:07
In addition to what was covered,
02:09
there is guidance for PII controllers, PII processors,
02:15
and an annex that covers control objectives for PII controllers and processors,
02:20
mapping to the General Data Protection Regulation, and mapping to other ISO standards.
02:23
Specifically for PII controllers, in the first bullet, conditions for collection and processing, privacy by design and privacy by default,
02:30
and PII sharing, transfer and disclosure are covered.
02:34
In the second bullet, for PII processors, conditions for collection and processing, obligations to PII principals, and PII sharing, transfer and disclosure are all covered.
02:46
Let's take a look at an example.
02:50
In this example we see how some of the terms from ISO/IEC 27001 are now mapped into ISO/IEC 27701.
03:00
In the previous ISO standard,
03:02
information security stood alone.
03:06
In the new ISO 27701,
03:08
Information security is now joined
03:12
by the term privacy.
03:14
Also, if you look at the fourth row, information security management system,
03:19
or ISMS, is now privacy information management system, or PIMS.
03:28
Is ISO 27701 a certification?
03:30
The answer's no. However, vendors can provide attestation that they comply with 27701.
03:40
Quiz question: when did ISO/IEC 27701 get announced?
03:46
Is it 1) 2013, 2) 2016, or 3) 2019?
03:55
It was announced in 2019.
03:59
I firmly believe this framework is solid, and because of its
04:02
recent announcement it is something that you can either measure your current program against,
04:06
or build your new privacy program on, the ISO 27701 standard.
04:15
In this module we discussed the ISO/IEC 27701 standard and reviewed the ISO/IEC 27701 outline.