ISO/IEC 27701:2019. Privacy Information Management System
What you'll learn
- The requirements of ISO/IEC 27701:2019
- The relationship between ISO/IEC 27701 and ISO/IEC 27001
- What is a Privacy Information Management System (PIMS)
- A brief presentation of the information security controls in ISO/IEC 27001
- What are the requirements for organizations acting as PII controllers and PII processors
Requirements
- No specific prior knowledge required
- Familiarity with ISO/IEC 27001 is a plus
- Knowledge of privacy and information security concepts is helpful
Description
This course details the requirements of ISO/IEC 27701:2019, the latest standard published by ISO (the International Organization for Standardization) to define controls for an organization that processes Personally Identifiable Information (PII).
ISO/IEC 27701 is a privacy extension of ISO/IEC 27001 (the Information Security Management System standard) and can be used by any organization regardless of its location and size, and regardless of whether it acts as a PII (Personally Identifiable Information) controller, a PII processor, or both.
Protecting privacy is a significant business concern. According to IBM, the average cost of a data breach is USD 3.6 million, and legal obligations are increasingly stringent. As we become more connected, governments all over the world are introducing privacy regulations such as the European Union's General Data Protection Regulation (GDPR). ISO/IEC 27701 helps businesses meet such requirements, whatever jurisdiction they operate in.
Major companies and organizations have participated in the development of this standard. For example, Microsoft was an active member of the committee that developed ISO/IEC 27701.
The course includes 5 sections:
- the first one is the introductory section, where we discuss general aspects, definitions, privacy principles, privacy actors, international standards for privacy, and the relationship of ISO/IEC 27701:2019 with the GDPR;
- the second section is about the general management system requirements, including Context of the organization, Leadership, Planning, Support, Operation, Performance evaluation and Improvement;
- the third section discusses the 114 information security controls from ISO/IEC 27001, together with their privacy additions where present. The following sets of controls are included: Information security and privacy policies, Organization of information security and privacy, Human resources security, Asset management, Access control, Cryptography, Physical and environmental security, Operations security, Communications security, Systems acquisition, development and maintenance, Supplier relationships, Incident management, Information security and privacy aspects of business continuity, and Compliance;
- the fourth section includes requirements and guidelines for organizations that act as PII controllers and
- section five is about requirements and guidelines for organizations that act as PII processors.
From this course you will get all the knowledge you need to understand what a Privacy Information Management System is.
You can use this information to:
- work as a privacy consultant;
- participate in management system audits;
- enhance an organization's information security management system to meet the additional requirements of ISO/IEC 27701;
- implement a Privacy Information Management System in a company;
... or you can simply gain a better understanding of the ISO approach to processing personally identifiable information.
This course gives you concise information that you can revisit at any time, since Udemy offers lifetime access. When you complete the training you will receive a certificate of completion, which can be useful to demonstrate your competence.
Who this course is for:
- Privacy officers
- Information security managers
- Privacy consultants
- Management system auditors
- People involved in the implementation of management systems
- ISO specialists
Instructor
What do I do?
I translate the knowledge and best practice of international standards into common language, to help individuals and organizations improve.
What do I like?
My interests include quality management, information security, business continuity, compliance management, occupational health & safety, environmental management, social responsibility, food safety and risk management.
Who am I?
I started working in the field of standards, auditing and certification in the early 2000s, and since then I have participated in hundreds of projects in multiple sectors and disciplines. Today I work for RIGCERT, an accredited certification body operating in Europe.
How do I do things?
Since my first course in 2016, my focus has always been on providing the essential subjects and themes, so that you can get the important information in a concentrated form. For some of the subjects I teach, I collaborate with experts who help me offer value in every course that I create.