ISO/IEC 27701. Privacy Information Management System

This course details the requirements of ISO/IEC 27701:2019, the latest standard published by ISO (The International Organization for Standardization) to define controls for an organization that processes a Personally Identifiable Information (PII).

ISO/IEC 27701 is an extension for privacy of ISO/IEC 27001 (the Information Security Management System standard) and can be used by any organization regardless of its location and size, regardless if it acts as PII (Personally Identifiable Information) controller, PII processor or both.

Protecting privacy is a significant business concern. According to IBM the average cost of a data breach is USD 3.6 million, and legal obligations are increasingly stringent. As we get more connected, governments all over the world are introducing various privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR). ISO/IEC 27701 helps businesses meet such requirements, whatever jurisdiction they work in

Major companies and organizations have participated in the development of this standard. For example Microsoft was an active member of the committee that developed ISO/IEC 27701.

The course includes 5 sections:

- the first one is the Introductory section where we discuss about general aspects, definitions, privacy principles, privacy actors, international standards for privacy or the relationship of ISO/IEC 27701:2019 with the GDPR;

- the second section is about the general management system requirements including Context of the organization, Leadership, Planning, Support, Operation, Performance evaluation and Improvement.

- the third section discusses the information security controls (114) from ISO/IEC 27001 with privacy additions, where they are present. The following sets of controls are included: Information security and privacy policies, Organization of information security and privacy, Human resources security, Asset management, Access control, Cryptography, Physical and environmental security, Operations security, Communications security, Systems acquisition, development and maintenance, Supplier relationships, Incident management, Information security and privacy aspects of business continuity and Compliance;

- the fourth section includes requirements and guidelines for organizations that act as PII controllers and

- section five is about requirements and guidelines for organizations that act as PII processors.

From this course you will get all the knowledge you need to understand what a Privacy Information Management System is.

You can use this information to:

- work as a privacy consultant;

- participate in management system audits;

- enhance an organization's information security management system to meet the additional requirements of ISO/IEC 27701;

- implement a Privacy Information Management System in a company;

... or you can just have a better understanding of what is ISO approach on processing personally identifiable information.

You will get from this course concise information that you can re-visit at any time since Udemy offers life-time access and as you complete the training you will obtain a certificate for completion, that can be useful to demonstrate your competence.