ISO/IEC 27701:2019

ISO/IEC 27701:2019 was published in August 2019. This new standard derives from ISO/IEC 27552:2019 (published a month before).

It is a certifiable privacy extension of ISO/IEC 27001:2013.

ISO/IEC 27701:2019 describes a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls that reduce the risk to people’s privacy rights.

ISO/IEC 27701:2019 contains 263 controls, organized into 8 main sections of requirements and controls that reflect how an organization should implement them:

  1. ISO scope, references, terms
  2. Context of the organization
  3. Leadership
  4. Planning
  5. Support
  6. Operation
  7. Performance evaluation
  8. Improvement

ISO/IEC 27701:2019 focuses on the “weakest link in the security chain” (people), reinforcing the existing controls of the “Human resource security: Security from the human factor” domain of ISO/IEC 27001:2013.
