ISO/IEC 27701:2019. Privacy Information Management System
What you'll learn
- The requirements of ISO/IEC 27701:2019
- The relationship between ISO/IEC 27701 and ISO/IEC 27001
- What is a Privacy Information Management System (PIMS)
- A brief presentation of the information security controls in ISO/IEC 27001
- What are the requirements for organizations acting as PII controllers and PII processors
- No specific prior knowledge required
- Familiarity with ISO/IEC 27001 is a plus
- Knowledge of privacy and information security concepts is helpful
This course details the requirements of ISO/IEC 27701:2019, the latest standard published by ISO (The International Organization for Standardization) to define controls for an organization that processes a Personally Identifiable Information (PII).
ISO/IEC 27701 is an extension for privacy of ISO/IEC 27001 (the Information Security Management System standard) and can be used by any organization regardless of its location and size, regardless if it acts as PII (Personally Identifiable Information) controller, PII processor or both.
Protecting privacy is a significant business concern. According to IBM the average cost of a data breach is USD 3.6 million, and legal obligations are increasingly stringent. As we get more connected, governments all over the world are introducing various privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR). ISO/IEC 27701 helps businesses meet such requirements, whatever jurisdiction they work in
Major companies and organizations have participated in the development of this standard. For example Microsoft was an active member of the committee that developed ISO/IEC 27701.
The course includes 5 sections:
- the first one is the Introductory section where we discuss about general aspects, definitions, privacy principles, privacy actors, international standards for privacy or the relationship of ISO/IEC 27701:2019 with the GDPR;
- the second section is about the general management system requirements including Context of the organization, Leadership, Planning, Support, Operation, Performance evaluation and Improvement.
- the third section discusses the information security controls (114) from ISO/IEC 27001 with privacy additions, where they are present. The following sets of controls are included: Information security and privacy policies, Organization of information security and privacy, Human resources security, Asset management, Access control, Cryptography, Physical and environmental security, Operations security, Communications security, Systems acquisition, development and maintenance, Supplier relationships, Incident management, Information security and privacy aspects of business continuity and Compliance;
- the fourth section includes requirements and guidelines for organizations that act as PII controllers and
- section five is about requirements and guidelines for organizations that act as PII processors.
From this course you will get all the knowledge you need to understand what a Privacy Information Management System is.
You can use this information to:
- work as a privacy consultant;
- participate in management system audits;
- enhance an organization's information security management system to meet the additional requirements of ISO/IEC 27701;
- implement a Privacy Information Management System in a company;
... or you can just have a better understanding of what is ISO approach on processing personally identifiable information.
You will get from this course concise information that you can re-visit at any time since Udemy offers life-time access and as you complete the training you will obtain a certificate for completion, that can be useful to demonstrate your competence.
Who this course is for:
- Privacy officers
- Information security managers
- Privacy consultants
- Management system auditors
- People involved in the implementation of management systems
- ISO specialists
What I do?
I translate the knowledge and best practice of international standards into common language, to help individuals and organizations improve.
What I like?
My interests include quality management, information security, business continuity, compliance management, occupational health & safety, environmental management, social responsibility, food safety or risk management.
Who am I?
I have started working in the field of standards, auditing and certification in the early 2000s and since then I have participated in hunderds of projects in multiple sectors and disciplines. Today I work for RIGCERT, an accredited certification body operating in Europe.
How I do things?
Since my first course, in 2016, my focus was always on providing the essential subjects and themes, so that you can get the important information in a concentrated form. For some of the subjects I teach, I collaborate with experts who help me offer value in every course that I create.