ISO/IEC 27701:2019 was published in August 2019. This new standard derives from ISO/IEC 27552:2019 (published a month before).
This standard is a privacy extension of ISO/IEC 27001:2013, and it is a certifiable extension of it.
ISO/IEC 27701:2019 describes a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls in order to reduce the risk to people’s privacy rights.
ISO/IEC 27701:2019 contains 263 controls, organized into 8 main sections of requirements and controls, along with guidance on how an organization should implement them:
- ISO scope, references, terms
- Context of the organization
- Leadership
- Planning
- Support
- Operation
- Performance evaluation
- Improvement
ISO/IEC 27701:2019 focuses on the “weakest link in the security chain” (people), reinforcing the existing controls of the “Human resource security: Security from the human factor” domain, which belongs to ISO/IEC 27001:2013.