Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Agenda
• Introduction
• Before we start…
• ISO27001 implementation vs audit
• ISMS vs PIMS, in practice
• The implementer view
• The auditor view
• Q & A
Introduction
Peter Geelen (CyberMinute)
My experience
• 20+ years experience in security
• Enterprise Security & IAM
• Cybersecurity
• Data Protection & Privacy
• Incident management, Disaster Recovery
• Trainer, coach, auditor
Certification
• ISO27001 Master & Lead ISO27002
• ISO27701 Lead Implementer & Lead Auditor
• Certified DPO & Fellow in Privacy
• Lead Incident Manager & Disaster Recovery
• ISO27032 Senior Lead Cybersecurity Manager
• Lead ISO27005 (Risk Management)
Accreditation
• Accredited ISO27001/9001 Lead Auditor
• Accredited Security Trainer
Website: http://www.cyberminute.com
More info (LinkedIn): https://ffwd2.me/pgeelen
Contact: peter@cyberminute.com
Stefan Mathuvis (QMA)
My experience
• 20 years experience in security
• Quality Management
• Quality Auditor
• Cybersecurity
• Security, Data Protection & Privacy
• Trainer, coach, auditor
Certification
• ISO27001 Lead Auditor
• ISO9001 Lead Auditor
• Lead auditor ESD & GDP Pharma
• Lead auditor GQS
• CDPO
• Master trainer DGQ
Accreditation
• Accredited ISO27001 Lead Auditor
• Accredited ISO9001 Lead Auditor
Website: http://www.qma.be
More info (LinkedIn): https://ffwd2.me/stefan
Contact: Stefan@qma.be
Before we start…
Recap: Previous sessions
• Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
  • PECB: https://pecb.com/past-webinars/quick-guide-to-isoiec-27701-the-newest-privacy-information-standard
  • Recording: https://youtu.be/ilw4UmMSlU4
  • Slideshare: https://www.slideshare.net/PECBCERTIFICATION/quick-guide-to-isoiec-27701-the-newest-privacy-information-standard
• ISO/IEC 27701 vs GDPR - What you need to know
  • PECB: https://pecb.com/past-webinars/isoiec-27701-vs-gdpr-what-you-need-to-know
  • Recording: https://www.youtube.com/watch?v=P80So3ryvJ8
  • Slideshare: https://www.slideshare.net/PECBCERTIFICATION/isoiec-27701-vs-gdpr-what-you-need-to-know
For other webinars, see: https://pecb.com/en/webinars
Recap: ISO27001 structure
• Remember ISO27001
  • ISMS, Information Security (Management System)
  • 10 Clauses
  • 114 controls
  • Based on PDCA
ISO27001 main principle: PDCA
[Figure: the PDCA cycle, Plan - Do - Check - Act]
Did you know…
[Figure: the PDCA wheel (Plan, Do, Check, Act) rolling uphill, with axes Time and Quality Improvement; a Quality Assurance Standard holds the gains of each cycle. Source: ISO9001-2015]
PDCA in ISO27001 (Source: PECB ISO27001 Lead Implementer)
[Figure: the ISO27001 clauses arranged around the PDCA cycle]
• Plan: Clause 6 Planning
• Do: Clause 8 Operation
• Check: Clause 9 Performance evaluation
• Act: Clause 10 Improvement
• Around the cycle: Clause 4 Context of the organization, Clause 5 Leadership, Clause 7 Support
• Annex A - Control objectives and controls
ISO27701 (PIMS)
Extension to ISO27001 (ISMS)
• Information Security Management System
• + Extension to privacy
• + Interpretation for GDPR
= PIMS (Privacy Information Management System)
For this session…
Naming convention, to avoid any confusion:
• ISMS refers to ISO27001
• PIMS refers to ISO27701 (on top of ISO27001)
ISMS implementation vs audit
Opposite or complementary?
The ISO audit lifecycle…
Officially starts with the external audit, but…
• You can use the audit techniques during the initial implementation
• Implement a pre-stage audit
• An internal audit is needed (official requirement)
• The system must have a sufficient track record before the initial audit
After the initial audit
• Yearly surveillance
• 3-year cycle to renewal
• Continuous maintenance (also for internal audit)
• Continuous improvement
The ISO audit lifecycle…
Initial audit
• “Get in control”
• Passing the mark
• Basic maturity (ref. CMMI … level 3)
• Room for growth and maturity
Surveillance audit (+ recertification)
• “Stay in control”
• Focus on improvement
• Increasing maturity
• Based on metrics and measurement…
The implementation lifecycle…
Starts long before the external audit
• Use the audit techniques during the initial implementation
• Pre-stage audit
• Internal audit needed (official requirement)
Doesn’t stop after the initial external audit
• Maintenance
Hints and tips
When starting an ISMS implementation
• It takes time to adapt business processes to the ISO approach
• Focus on evidence…
  • Not only documentation,
  • but also operational results that can be tracked
• People that know how the ISMS plugs in to their work
Audit
• Not just a checklist, but a focus on results
• Based on evidence (double evidence)
• Advisory function (but not consulting)
ISMS to PIMS, in practice.
Getting the mind shift right…
Fundamental change in approach
When shifting from ISMS to PIMS
• It’s no longer about “enterprise only” data
• It’s ALSO about “personal data”
• On top of it…
Meaning: in the ISMS, you’re in the lead with enterprise data.
In the PIMS, the subject is in the lead when handling personal data.
(Strong legislation giving power to the subject.)
Fundamental change in mindset & environment
[Figure: the ISMS scope extended into a PIMS]
The implementer/audit view of PIMS
Recap from previous sessions.
Why is this important?
Auditor vs implementer
• If you know how the audit works, you know better what to implement
• Both in the right spirit
  • Results based,
  • not checklist based
• Growth mindset
  • Not perfect at the first step
  • Better done than perfect
  • Think big, act small…
The auditor view helps to…
• The audit cycle pushes the implementation of PDCA
  • Continuous improvement
  • Step by step
• Have an independent / external view
• Keep the helicopter view, with a good relation between
  • Business
  • IT
  • DPO
  • Legal
Some practical hints
• Include audit considerations from the start
• Involve audit throughout the project
• Internal audit vs external audit
  • External audit
    • Mostly end stage (before you restart the cycle)
    • Certification target
  • Internal audit
    • Separate department
    • Why not cross-check? (cross-department)
    • External auditor (but still under the authority of the data controller)
Some practical hints
• Look at the external auditor as an advisor
  • Not a checklist dummy
  • [NOT a consultant ;) ]
• Find the right auditor for you, YOU choose
  • Experience, expertise
  • Right mindset (continuous improvement)
• Focus on getting results
  • CMMI: 1… 2… 3… 4… 5…
Recap: ISO27701 mapping to ISO27001
4.3 ISO27001 requirements (ISO27701 Clause 5)
ISO27701 | Topic                   | ISO27001 | Remark
5.2      | Context of organisation | 4        | Changed
5.3      | Leadership              | 5        | Direct
5.4      | Planning                | 6        | Changed
5.5      | Support                 | 7        | Direct
5.6      | Operation               | 8        | Direct
5.7      | Performance evaluation  | 9        | Direct
5.8      | Improvement             | 10       | Direct
Recap: ISO27701 mapping to ISO27001
4.3 ISO27002 requirements (ISO27701 Clause 6)
ISO27701 | Topic                    | ISO27002 | Remark
6.2      | Policies                 | 5        | Changed
6.3      | Organisation             | 6        | Changed
6.4      | HR                       | 7        | Changed
6.5      | Asset Management         | 8        | Changed
6.6      | Access Control           | 9        | Changed
6.7      | Cryptography             | 10       | Changed
6.8      | Physical and environment | 11       | Changed
Recap: ISO27701 mapping to ISO27001
4.3 ISO27002 requirements (ISO27701 Clause 6)
ISO27701 | Topic                             | ISO27002 | Remark
6.9      | Operations                        | 12       | Changed
6.10     | Communications                    | 13       | Changed
6.11     | Acquisition, Dev & maintenance    | 14       | Changed
6.12     | Suppliers                         | 15       | Changed
6.13     | Incident Mgmt                     | 16       | Changed
6.14     | Business Continuity               | 17       | Direct
6.15     | Compliance                        | 18       | Changed
The implementer view of ISO27701
Quick tour: special attention
PIMS 5.2 / ISMS 4 (Context) - Implementer view
Interested parties
• ISMS: mainly enterprise, contractual, customers, … a bit of employee
• PIMS: strong focus on subject data, of any type
Different approach
• High-impact regulation
• Worldwide
• Very powerful individual
• Define goal, vision, mission & strategy
• Documentation!
PIMS 5.3 / ISMS 5 (Leadership) - Implementer view
Interested parties
• ISMS: vision, commitment, policy, RACI, …
• PIMS: accountability (ref. GDPR)
Make sure to
• Organize regular management meetings
  • Plan the agenda, take notes, …
  • Register decisions taken
• Plan communication, incl. all interested parties (incl. external)
• Make sure management takes responsibility
  • Make them accountable, …
PIMS 5.4 / ISMS 6 (Planning) - Implementer view
EXTREMELY IMPORTANT
• ISMS: risk management is a CORE requirement
• PIMS: PIA, DPIA (GDPR)
You must
• Have a risk register
• Set up a risk management system (not the software, but the process)
• Maintain risk management
HINT: how to assess risk in an EXISTING environment?
(New processes, updates of existing processes, and on a regular basis)
PIMS 5.5 / ISMS 7 (Support) - Implementer view
ISMS = PIMS, you must have
• Resources
• Competence
• Awareness, communication & education
• Documentation
You need
• Budget
• People
• Time
Other clauses - Implementer view
PIMS 5.6/5.7/5.8 = ISMS 8/9/10
• Operations
• Performance
• Improvement
You need
• Operations: Info security / Data protection / Privacy in your DNA
• Performance: plan for metrics and measure (CMMI 4)
• Improvement: CONTINUOUSLY
PIMS 6 / ISMS Annex A
Policies
• ISMS: ISO27002 (114 controls + …)
• PIMS: ISO27002 + ISO27701
• ISMS prefix “A” = ISO27002
  • Measures
  • Controls
• For security we need PPT = people, process & technology
PIMS 6.2 / ISMS A5 - Implementer view
Policies
• ISMS: ISO27002 (114 controls + …)
• PIMS: ISO27002 + ISO27701
Tasks
• Set up policies / documentation
• Approve policies
• Execute policies
• Update policies on a regular basis
PIMS 6.3 / ISMS A6 (IS Organisation) - Implementer view
ISMS                 | PIMS           | Serving
Management Team      | idem           | Enterprise
Risk Management Team | idem           | Enterprise
Info Sec team        | idem           | Enterprise
IT operations team   | idem           | Enterprise
Business             | idem           | Enterprise
Legal support        | idem           | Enterprise
/                    | DPO or similar | Subject
PIMS 6.4 / ISMS A7 (HR) - General
Info
• PIMS: privacy & data protection in
  • contracting
  • awareness
Special attention to
• Reference to data protection in contracting
• People are lazy (maintain awareness)
• Training
IMPORTANT: everyone must be on board to protect personal data!
PIMS 6.5 / ISMS A8 (Asset Mgmt) - Implementer view
Make sure to implement
• Asset inventory / CMDB
  • Not only HW
  • Also processes
  • People & knowledge
Special attention to
• Classification
PIMS 6.5 / ISMS A8 (Asset Mgmt) - Implementer view
ISMS labels (categories) | PIMS labels   | Serving
0 - Public               | Non PII/GDPR  | Enterprise
1 - Internal             |               | Enterprise
2 - Strict internal      |               | Enterprise
3 - Critical             |               | Enterprise
(4 - Secret)             |               | Enterprise
                         | PII           | Subject
                         | Sensitive PII | Subject
PIMS 6.6 / ISMS A9 (Access control) - Implementer view
Must have
• Access control policy
• User (de)registration
Special attention to
• PIMS: identity management
• PIMS EXPLICIT: DO NOT RE-USE user IDs
PIMS 6.7 / ISMS A10 (Crypto) - General
Contains
• Crypto policy
• Special attention to PII treatment
Special attention to
• Subject information about crypto in
  • Website, HR, registration systems, storage, backup, …
• Disposal of data!
• Evolution of technology in crypto!
PIMS 6.8 / ISMS A11 (Physical Security) - Implementer view
Must have
• Physical security
• Security perimeters
• Layered security
Special attention to
• Core protection starts with physical
• Layered security like
  • Street, outside, perimeter,
  • public zone, internal zone, restricted zone, high-protection core, …
• Define: “who can do what and where (and when)”
PIMS 6.9 / ISMS A12 (Operations) - Implementer view
Special attention to (see previous sessions on PIMS)
• Backup
• Event logging
• Log protection
Do what you say, say what you do, … and prove it.
PIMS 6.10 / ISMS A13 (Communications) - General
Make sure to have
• Information transfer policy
• Vendor / 3rd party / Data processor policy
Special attention to
• Vendor/processor
  • Confidentiality
  • NDA
  • Incident reporting & feedback
PIMS 6.11 / ISMS A14 (Build or buy) - Implementer view
Contains
• Development policies
• SW acquisition requirements
Special attention to
• Own responsibility
• Vendor/processor responsibility
• Security / Data protection / Privacy by design
• Security / Data protection / Privacy by default
PIMS explicit: no PII for testing purposes!
PIMS 6.12 / ISMS A15 (Supplier) - Implementer view
Important
• Compensate for lack of physical control
  • Legal control
• PIMS: high risk!
Special attention to
• Policy
• Contracts
• Expert legal support
• Right to audit!
PIMS 6.13 / ISMS A16 (Incident) - Implementer view
Important
• Incident register
• Incident = failure of the system (opportunity for improvement)
• PIMS: high risk for data breaches!
Special attention to
• Policy
• Tracking & improvement
• Escalation tracks
• Exercise, exercise!
PIMS 6.14 / ISMS A17 (BCM) - Implementer view
Important
• Maintaining data protection & privacy during a disaster
• BCM vs DRP
Special attention to
• Exercise
• Testing
• Vendors
PIMS 6.15 / ISMS A18 (Compliance) - General
Pay attention to
• Legislation
• Contract obligations
• Company responsibility (protect yourself)
• Subject rights
Evidence
• Anything we discussed today…
The audit view of ISO27701
Focus on evidence
PIMS 5.2 / ISMS 4 (Context) - Auditor view
Interested parties
• ISMS: documentation on business model, mission, vision, …
• PIMS: ISMS documentation, privacy notices, … type of community
What evidence to find?
• Mission/Vision
• Community
• Business model, processes, type of data
• Talking to the business & customer departments
PIMS 5.3 / ISMS 5 (Leadership) - Auditor view
Interested parties
• ISMS: documentation on business model, mission, vision, …
• PIMS: ISMS documentation, privacy notices, … type of community
How to audit?
• Management meetings, agenda, notes, …
• Decisions taken
• Communication
• Approvals & signature of policies, …
PIMS 5.4 / ISMS 6 (Planning) - Auditor view
Look for
• ISMS = Risk management
• PIMS = Risk management + PIA/DPIA
Evidence
• Risk sources: incident register, incident reporting, …
• Tracking the solution of incidents
• Data breach reporting (confirmed incidents)
• Risk register (set up, up to date, ownership, RACI, …)
PIMS 5.5 / ISMS 7 (Support) - Auditor view
ISMS = PIMS
• Check for management support
• Check for an education plan
• Check for awareness
Evidence
• Interviews
• Management planning
• Education, awareness & communication
Other clauses - Auditor view
PIMS 5.6/5.7/5.8 = ISMS 8/9/10
• Operations
• Performance
• Improvement
Evidence
• Operations: processes, procedures, … on the floor
• Performance: find the metrics
• Improvement: internal audit, new projects, updates, …
PIMS 6.2 / ISMS A5 - Auditor view
To check
• Policies
• SOA
Evidence
• Set-up of policies / documentation
• Approval of policies
• Execution of policies
• Updates
PIMS 6.3 / ISMS A6 - Auditor view
Check for
• Organigram
• Company organisation
• RACI
• Segregation of duties
Evidence
• Roles & responsibilities description
• Function description incl. ISMS/PIMS tasks
• People IN/OUT
PIMS 6.4 / ISMS A7 (HR) - General
Info
• PIMS: privacy & data protection in
  • contracting
  • awareness
Special attention to
• Reference to data protection in contracting
• People are lazy (maintain awareness)
• Training
IMPORTANT: everyone must be on board to protect personal data!
PIMS 6.6 / ISMS A9 (Access control) - Auditor view
Pay attention to
• HR IN/OUT vs. IT IN/OUT
Evidence
• HR
• IT security
  • Privileged account management
  • General accounts
  • In/out events
  • Regular reviews (x times / yr)
PIMS 6.7 / ISMS A10 (Crypto) - General
Contains
• Crypto policy
• Special attention to PII treatment
Special attention to
• Subject information about crypto in
  • Website, HR, registration systems, storage, backup, …
• Disposal of data!
PIMS 6.8 / ISMS A11 (Physical) - Auditor view
Pay attention to
• Building
• Locations
• Entry
• Zones
• Equipment, cabling
• 3rd party (!)
Evidence
• On-site visit
PIMS 6.9 / ISMS A12 (Operations) - Auditor view
Pay attention to
• Tracing of ISMS/PIMS on the floor
• People
Evidence
• Logs
• Processes & procedures
• Time stamps
• Ownership
• Meeting minutes
• Documentation
• …
PIMS 6.10 / ISMS A13 (Communications) - General
Make sure to have
• Information transfer policy
• Vendor / 3rd party / Data processor policy
Special attention to
• Vendor/processor
  • Confidentiality
  • NDA
  • Incident reporting & feedback
PIMS 6.11 / ISMS A14 (Build or buy) - Auditor view
Pay attention to
• PIMS Annex A.7.4 (controller)
• PIMS Annex B.8.4 (processor)
Evidence
• Agreements
• Acquisition procedures
• Development policies & processes
PIMS 6.12 / ISMS A15 (Supplier) - Auditor view
Pay attention to
• Supplier policies
• Vendor relations
• Vendor contracts
Evidence
• Vendor negotiations
• Vendor contracts
• Vendor audits
• 3rd party audit reports
• Vendor tracking/invoicing
• Vendor management updates
PIMS 6.13 / ISMS A16 (Incident) - Auditor view
Pay attention to
• Incident management policy
• Incident register
• Data breach register
• Data breach notifications
Evidence
• Policy metadata (owner, updates, …)
• Incident management procedure
• Data breach reporting
• DPA communications, …
PIMS 6.14 / ISMS A17 (BCM) - Auditor view
Pay attention to
• Maintaining data protection & privacy during a disaster
• BCM vs DRP
Evidence
• BCM planning
• DRP plan
• Test plans
• Exercises
• Awareness, training & communication
PIMS 6.15 / ISMS A18 (Compliance) - General
Pay attention to
• Legislation
• Contract obligations
• Company responsibility (protect yourself)
• Subject rights
Evidence
• Anything we discussed today…
And last but not least…
Never done
• PDCA… Continuous improvement
• Start over again…
• See you at the next cycle…
Q & A
Questions & answers
Appendix
Ramping up…
Relevant PECB Training courses
Check the PECB agenda and select the ISO/IEC 27701 Lead Implementer course:
https://pecb.com/en/partnerEvent/event_schedule_list
[Screenshot: PECB “Training Events” agenda page. “For full detailed information about an event click on the ‘View’ button on the right hand side under ‘View full details’. Note: Before applying for any training courses listed below, please make sure you are registered to PECB.”]
Relevant Training
PECB ISO 27701 Foundation
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701/iso-iec-27701-foundation
PECB ISO 27701 Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701/iso-iec-27701-lead-implementer
PECB ISO 27701 Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701/iso-iec-27701-lead-auditor
Relevant Training
PECB ISO 27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-implementer
Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor
Relevant Training
PECB ISO 27002
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
Lead Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002/iso-iec-27002-lead-manager
Relevant Training
PECB GDPR
https://pecb.com/en/education-and-certification-for-individuals/gdpr
CDPO
https://pecb.com/en/education-and-certification-for-individuals/gdpr/certified-data-protection-officer
Relevant Training
PECB ISO29100
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer/iso-29100-lead-privacy-implementer
Relevant Training
PECB ISO27035 - Incident Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
Lead Incident Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035/iso-iec-27035-lead-incident-manager
Relevant Training
PECB ISO27005 - Risk Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
Lead Risk Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-27005-lead-risk-manager
ISO/IEC 27701 Training Courses
• ISO/IEC 27701 Foundation: 2-day course
• ISO/IEC 27701 Lead Implementer: 5-day course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-27701
www.pecb.com/events
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
THANK YOU
CyberMinute: info@cyberminute.com
Stefan Mathuvis: stefan@qma.be

How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptxPECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxPECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemPECB
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...PECB
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022PECB
 
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to KnowCMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to KnowPECB
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 

Plus de PECB (20)

Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022
 
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to KnowCMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
 

Dernier

Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...raviapr7
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational PhilosophyShuvankar Madhu
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17Celine George
 
How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17Celine George
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesMohammad Hassany
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationMJDuyan
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsEugene Lysak
 
The Singapore Teaching Practice document
The Singapore Teaching Practice documentThe Singapore Teaching Practice document
The Singapore Teaching Practice documentXsasf Sfdfasd
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfMohonDas
 
General views of Histopathology and step
General views of Histopathology and stepGeneral views of Histopathology and step
General views of Histopathology and stepobaje godwin sunday
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfTechSoup
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxAditiChauhan701637
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxKatherine Villaluna
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxKatherine Villaluna
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxMYDA ANGELICA SUAN
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapitolTechU
 

Dernier (20)

Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational Philosophy
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17
 
How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17
 
Finals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quizFinals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quiz
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming Classes
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive Education
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George Wells
 
The Singapore Teaching Practice document
The Singapore Teaching Practice documentThe Singapore Teaching Practice document
The Singapore Teaching Practice document
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdf
 
General views of Histopathology and step
General views of Histopathology and stepGeneral views of Histopathology and step
General views of Histopathology and step
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptx
 
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdfPersonal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptx
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptx
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptx
 

Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation

2. Agenda
• Introduction
• Before we start…
• ISO27001 implementation vs audit
• ISMS vs PIMS, in practice
• The implementer view
• The auditor view
• Q & A

4. Peter Geelen (CyberMinute)
My experience
• 20+ years experience in security
• Enterprise Security & IAM
• Cybersecurity
• Data Protection & Privacy
• Incident management, Disaster Recovery
• Trainer, coach, auditor
Certification
• ISO27001 Master & Lead ISO27002
• ISO27701 Lead Impl. & Lead Auditor
• Certified DPO & Fellow In Privacy
• Lead Incident Mgr & Disaster Recovery
• ISO27032 Sr. Lead Cybersecurity Mgr
• Lead ISO27005 (Risk Mgmt)
Accreditation
• Accredited ISO27001/9001 Lead auditor
• Accredited Security Trainer
http://www.cyberminute.com
More info (LinkedIn): https://ffwd2.me/pgeelen
peter@cyberminute.com

5. Stefan Mathuvis (QMA)
My experience
• 20 years experience in security
• Quality Management
• Quality Auditor
• Cybersecurity
• Security, Data Protection & Privacy
• Trainer, coach, auditor
Certification
• ISO27001 Lead Auditor
• ISO9001 Lead Auditor
• Lead auditor ESD & GDP Pharma
• Lead auditor GQS
• CDPO
• Master trainer DGQ
Accreditation
• Accredited ISO27001 lead auditor
• Accredited 9001 Lead auditor
http://www.qma.be
More info (LinkedIn): https://ffwd2.me/stefan
Stefan@qma.be

7. Recap: Previous sessions
• Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
  • PECB: https://pecb.com/past-webinars/quick-guide-to-isoiec-27701-the-newest-privacy-information-standard
  • Recording: https://youtu.be/ilw4UmMSlU4
  • Slideshare: https://www.slideshare.net/PECBCERTIFICATION/quick-guide-to-isoiec-27701-the-newest-privacy-information-standard
• ISO/IEC 27701 vs GDPR - What you need to know
  • PECB: https://pecb.com/past-webinars/isoiec-27701-vs-gdpr-what-you-need-to-know
  • Recording: https://www.youtube.com/watch?v=P80So3ryvJ8
  • Slideshare: https://www.slideshare.net/PECBCERTIFICATION/isoiec-27701-vs-gdpr-what-you-need-to-know
For other webinars, see: https://pecb.com/en/webinars
8. Recap: ISO27001 structure
• Remember ISO27001
• ISMS, Information Security (Management System)
• 10 Clauses
• 114 controls
• Based on PDCA

9. ISO27001 main principle: PDCA
(Diagram: the Plan, Do, Check, Act cycle plotted as Quality Improvement over Time, held in place by the Quality Assurance Standard.)

11. PDCA in ISO27001
Source: PECB ISO27001 Lead Implementer
(Diagram mapping the PDCA cycle onto the ISO27001 clauses: Clause 4 Context of the organization, Clause 5 Leadership, Clause 7 Support, clause 6 Planning, clause 8 Operation, clause 9 Performance evaluation, clause 10 Improvement, and Annex A - Control objectives and controls.)

12. ISO27701 (PIMS)
Extension to ISO27001 (ISMS)
• Information security Management system
• + Extension to privacy
• + interpretation for GDPR
= PIMS (Privacy Information Management system)

13. For this session…
Naming convention, to avoid any confusion:
• ISMS refers to ISO27001
• PIMS refers to ISO27701 (on top of ISO27001)

14. ISMS implementation vs audit
Opposite or complementary?

15. The ISO audit lifecycle…
Officially starts with external audit but….
• You can use the audit techniques during initial implementation
• Implement pre-stage audit
• Internal audit is needed (official requirement)
• System must have sufficient track record before initial audit
After initial audit
• Yearly surveillance
• 3 year cycle to renewal
• Continuous maintenance (also for internal audit)
• Continuous improvement

16. The ISO audit lifecycle…
Initial audit
• “Get in control”
• Passing the mark
• Basic maturity (ref. CMMI … level 3)
• Room for growth and maturity
Surveillance audit (+ recertification)
• “Stay in control”
• Focus on improvement
• Increasing maturity
• Based on metrics and measurement…

17. The implementation lifecycle…
Starts long before the external audit
• To use the audit techniques during initial
• Pre-stage audit
• Internal audit needed (official requirement)
Doesn’t stop after initial external audit
• Maintenance

18. Hints and tips
When starting in ISMS implementation
• It takes time to adapt business processes to ISO approach
• Focus on evidence..
  • Not only documentation,
  • but also operational results that can be tracked
  • People that know how ISMS plugs in to their work
Audit
• Not just a check list, but focus on results
• Based on evidence (double evidence)
• Advisory function (but not consulting)
19. ISMS to PIMS, in practice.
Getting the mind shift right…

20. Fundamental change in approach
When shifting from ISMS to PIMS
• It’s no more about “enterprise only” data
• It’s ALSO about “personal data”
• On top of it…
Meaning, you’re in the lead with enterprise data, in ISMS.
The subject is in the lead when handling personal data… in PIMS (Strong legislation giving power to subject.)

21. Fundamental change in mindset & environment
(Diagram: three ISMS blocks placed next to a PIMS block.)

22. The implementer/audit view of PIMS
Recap from previous sessions.

23. Why is this important?
Auditor vs implementer
• If you know how the audit works, you know better what to implement
• Both in the right spirit
  • Results based,
  • not check list based
• Growth mindset
  • Not perfect at first step
  • Better done than perfect
  • Think big, act small…

24. The auditor view helps to…
• The audit cycle pushes the implementation of PDCA
  • Continuous improvement
  • Step by step
• Have an independent / external view
• Keep the helicopter view, with good relation between
  • Business
  • IT
  • DPO
  • Legal

25. Some practical hints
• Include audit considerations from the start
• Involve audit throughout the project
• Internal audit vs external audit
  • External audit
    • mostly end stage (before you restart the cycle)
    • Certification target
  • Internal audit
    • Separate department
    • Why not cross check? (cross-department)
    • External auditor (but still under authority of data controller)

26. Some practical hints
• Look at the external auditor as advisor
  • Not a checklist dummy
  • [NOT consultant ;) ]
• Find the right auditor for you, YOU choose
  • Experience, expertise
  • Right mindset (continuous improvement)
• Focus on getting results
  • CMMI: 1… 2… 3… 4… 5…

27. Recap: ISO27701 mapping to ISO27001
4.3 ISO27001 requirements (ISO27701 Clause 5)
ISO27701 | Topic | ISO27001 | Remark
5.2 | Context of organisation | 4 | Changed
5.3 | Leadership | 5 | Direct
5.4 | Planning | 6 | Changed
5.5 | Support | 7 | Direct
5.6 | Operation | 8 | Direct
5.7 | Performance evaluation | 9 | Direct
5.8 | Improvement | 10 | Direct

28. Recap: ISO27701 mapping to ISO27001
4.3 ISO27002 requirements (ISO27701 Clause 6)
ISO27701 | Topic | ISO27002 | Remark
6.2 | Policies | 5 | Changed
6.3 | Organisation | 6 | Changed
6.4 | HR | 7 | Changed
6.5 | Asset Management | 8 | Changed
6.6 | Access Control | 9 | Changed
6.7 | Cryptography | 10 | Changed
6.8 | Physical and environment | 11 | Changed

29. Recap: ISO27701 mapping to ISO27001
4.3 ISO27002 requirements (ISO27701 Clause 6)
ISO27701 | Topic | ISO27002 | Remark
6.9 | Operations | 12 | Changed
6.10 | Communications | 13 | Changed
6.11 | Acquisition, Dev & mainten. | 14 | Changed
6.12 | Suppliers | 15 | Changed
6.13 | Incident Mgmt | 16 | Changed
6.14 | Business Continuity | 17 | Direct
6.15 | Compliance | 18 | Changed
30. The implementer view of ISO27701
Quick tour: special attention

31. PIMS 5.2 / ISMS 4 (Context) - Implementer
Interested parties
• ISMS: Mainly enterprise, contractual, customers, … bit of employee
• PIMS: strong focus on subject data, in any type
Different approach
• High impact regulation
• Worldwide
• Very powerful individual
• Define goal, vision, mission & strategy
• Documentation!

32. PIMS 5.3 / ISMS 5 (Leadership) - Implementer
Interested parties
• ISMS: vision, commitment, policy, RACI, …
• PIMS: accountability (ref. GDPR)
Make sure to
• Organize regular management meetings
• Plan agenda, take notes, …
• Register decisions taken
• Plan communication, incl. all interested parties (incl. external)
• Make sure mgmt. takes responsibility.
• Make them accountable, …

33. PIMS 5.4 / ISMS 6 (Planning) - Implementer
EXTREMELY IMPORTANT
• ISMS: risk management is CORE requirement
• PIMS: PIA, DPIA (GDPR)
You must
• Have a risk register
• Setup risk management system (not the software, but the process)
• Maintain risk management
HINT: how to assess risk in an EXISTING environment? (New processes, update of existing processes, and on a regular basis.)

34. PIMS 5.5 / ISMS 7 (Support) - Implementer
ISMS = PIMS, you must have
• Resources
• Competence
• Awareness, communication & education
• Documentation
You need
• Budget
• People
• Time

35. Other clauses - Implementer
PIMS 5.6/5.7/5.8 = ISMS 8/9/10
• Operations
• Performance
• Improvement
You need
• Operations: Info security / Data protection / Privacy in your DNA
• Performance: plan for metrics and measure (CMMI 4)
• Improvement: CONTINUOUSLY

36. PIMS 6 / ISMS Annex
Policies
• ISMS: ISO27002 (114 controls + …)
• PIMS: ISO27002 + ISO27701
• ISMS prefix “A” = ISO27002
• Measures
• Controls
• For security we need PPT = people, process & technology

37. PIMS 6.2 / ISMS A5 - Implementer
Policies
• ISMS: ISO27002 (114 controls + …)
• PIMS: ISO27002 + ISO27701 …
Tasks
• Setup policies / documentation
• Approve policies
• Execute policies
• Update policies on a regular basis

38. PIMS 6.3 / ISMS A6 (IS Org.) - Implementer
ISMS | PIMS | Serving
Management Team | idem | Enterprise
Risk Management Team | idem | Enterprise
Info Sec team | idem | Enterprise
IT operations team | idem | Enterprise
Business | idem | Enterprise
Legal support | idem | Enterprise
- | DPO or similar | Subject

39. PIMS 6.4 / ISMS A7 (HR) - General
Info
• PIMS: privacy & data protection in
  • contracting
  • awareness.
Special attention to
• Reference of data protection in contracting
• People are lazy (maintain awareness)
• Training
IMPORTANT: everyone must be onboard to protect personal data!

40. PIMS 6.5 / ISMS A8 (Asset Mgmt) - Implementer
Make sure to implement
• Asset inventory / CMDB
  • Not only HW
  • Also processes
  • People & knowledge
Special attention to
• Classification

41. PIMS 6.5 / ISMS A8 (Asset Mgmt) - Implementer
ISMS labels (categ.) | PIMS labels | Serving
0 - Public | Non PII/GDPR | Enterprise
1 - Internal | | Enterprise
2 - Strict internal | | Enterprise
3 - Critical | | Enterprise
(4 - Secret) | | Enterprise
| PII | Subject
| Sensitive PII | Subject

42. PIMS 6.6 / ISMS A9 (Access ctrl.) - Implementer
Must have
• Access control policy
• User (de)registration
Special attention to
• PIMS: identity management
• PIMS EXPLICIT: DO NOT RE-USE user IDs

43. PIMS 6.7 / ISMS A10 (Crypto) - General
Contains
• Crypto policy
• Special attention to PII treatment
Special attention to
• Subject information about crypto in
  • Website, HR, registration systems, storage, backup, …
• Disposal of data!
• Evolution of technology in crypto!

44. PIMS 6.8 / ISMS A11 (Physical Sec.) - Implementer
Must have
• Physical security
• Security perimeters
• Layered security
Special attention to
• Core protection starts with physical
• Layered security like
  • Street, outside, perimeter,
  • public zone, internal zone, restricted zone, high protection core, …
• Define: “who can do what and where (and when)”
45. PIMS 6.9 / ISMS A12 (Operations) - Implementer
Special attention to (see previous sessions on PIMS)
• Backup
• Event logging
• Log protection
Do what you say, say what you do, … … and prove it

46. PIMS 6.10 / ISMS A13 (Comm.) - General
Make sure to have
• Information transfer policy
• Vendor / 3rd party / Data processor policy
Special attention to
• Vendor/processor
• Confidentiality
• NDA
• Incident reporting & feedback

47. PIMS 6.11 / ISMS A14 (Build or buy) - Implementer
Contains
• Development policies
• SW acquisition requirements
Special attention to
• Own responsibility
• Vendor/processor responsibility
• Sec/DP/Privacy by design
• Sec/DP/Privacy by default
PIMS explicit: no PII for testing purposes!

48. PIMS 6.12 / ISMS A15 (Supplier) - Implementer
Important
• Compensate for lack of physical control
• Legal control
• PIMS: High risk!
Special attention to
• Policy
• Contracts
• Expert legal support
• Right to audit!

49. PIMS 6.13 / ISMS A16 (Incident) - Implementer
Important
• Incident register
• Incident = failure of system (opportunity for improvement)
• PIMS: High risk for data breaches!
Special attention to
• Policy
• Tracking & improvement
• Escalation tracks
• Exercise, exercise!

50. PIMS 6.14 / ISMS A17 (BCM) - Implementer
Important
• Maintaining data protection & privacy during disaster
• BCM vs DRP
Special attention to
• Exercise
• Testing
• Vendors

51. PIMS 6.15 / ISMS A18 (Compliance) - General
Pay attention to
• Legislation
• Contract obligations
• Company responsibility (protect yourself)
• Subject rights
Evidence
• Anything we discussed today…
52. The audit view of ISO27701
Focus on evidence

53. PIMS 5.2 / ISMS 4 (Context) - Auditor
Interested parties
• ISMS: documentation on business model, mission, vision, …
• PIMS: ISMS documentation, privacy notices, … type of community
What evidence to find?
• Mission/Vision
• Community
• Business model, processes, type of data
• Talking to business & customer dept.

54. PIMS 5.3 / ISMS 5 (Leadership) - Auditor
Interested parties
• ISMS: documentation on business model, mission, vision, …
• PIMS: ISMS documentation, privacy notices, … type of community
How to audit?
• Management meetings, agenda, notes, …
• Decisions taken
• Communication
• Approvals & signature of policies, …

55. PIMS 5.4 / ISMS 6 (Planning) - Auditor
Look for
• ISMS = Risk management
• PIMS = Risk management + PIA/DPIA
Evidence
• Risk sources: incident register, incident reporting, …
• Track solution of incident
• Data breach reporting (confirmed incidents)
• Risk register (setup, up to date, ownership, RACI, …)

56. PIMS 5.5 / ISMS 7 (Support) - Auditor
ISMS = PIMS
• Check for management support
• Check for education plan
• Check for awareness
Evidence
• Interview
• Management planning
• Education, awareness & communication

57. Other clauses - Auditor
PIMS 5.6/5.7/5.8 = ISMS 8/9/10
• Operations
• Performance
• Improvement
Evidence
• Operations: processes, procedures, … on the floor
• Performance: find the metrics
• Improvement: internal audit, new projects, updates, …

58. PIMS 6.2 / ISMS A5 - Auditor
To check
• Policies
• SOA
Evidence
• Setup policies / documentation
• Approval of policies
• Execution of policies
• Updates

59. PIMS 6.3 / ISMS A6 - Auditor
Check for
• Organigram
• Company organisation
• RACI
• Segregation of duties
Evidence
• Roles & responsibilities description
• Function description incl. ISMS/PIMS tasks
• People IN/OUT

60. PIMS 6.4 / ISMS A7 (HR) - General
Info
• PIMS: privacy & data protection in
  • contracting
  • awareness.
Special attention to
• Reference of data protection in contracting
• People are lazy (maintain awareness)
• Training
IMPORTANT: everyone must be onboard to protect personal data!

61. PIMS 6.6 / ISMS A9 (Access ctrl.) - Auditor
Pay attention to
• HR IN/OUT vs. IT IN/OUT
Evidence
• HR
• IT security
  • Privileged account management
  • General accounts
  • In/out events
  • Regular reviews (x times /yr)
• 62. PIMS 6.7 / ISMS A10 (Crypto): General
Contains
• Crypto policy
• Special attention to PII treatment
Special attention to
• Data subject information about crypto in websites, HR, registration systems, storage, backup, …
• Disposal of data!
• 63. PIMS 6.8 / ISMS A11 (Physical): Auditor view
Pay attention to
• Building
• Locations
• Entry
• Zones
• Equipment, cabling
• 3rd parties (!)
Evidence
• On-site visit
• 64. PIMS 6.9 / ISMS A12 (Operations): Auditor view
Pay attention to
• Tracing of the ISMS/PIMS on the floor
• People
Evidence
• Logs
• Processes & procedures
• Time stamps
• Ownership
• Meeting minutes
• Documentation
• …
• 65. PIMS 6.10 / ISMS A13 (Communications): General
Make sure to have
• Information transfer policy
• Vendor / 3rd party / data processor policy
Special attention to
• Vendor/processor
• Confidentiality
• NDA
• Incident reporting & feedback
• 66. PIMS 6.11 / ISMS A14 (Build or buy): Auditor view
Pay attention to
• PIMS Annex A.7.4 (controller)
• PIMS Annex B.8.4 (processor)
Evidence
• Agreements
• Acquisition procedures
• Development policies & processes
• 67. PIMS 6.12 / ISMS A15 (Supplier): Auditor view
Pay attention to
• Supplier policies
• Vendor relations
• Vendor contracts
Evidence
• Vendor negotiations
• Vendor contracts
• Vendor audits
• 3rd party audit reports
• Vendor tracking/invoicing
• Vendor management updates
• 68. PIMS 6.13 / ISMS A16 (Incident): Auditor view
Pay attention to
• Incident management policy
• Incident register
• Data breach register
• Data breach notifications
Evidence
• Policy metadata (owner, updates, …)
• Incident management procedure
• Data breach reporting
• DPA communications, …
• 69. PIMS 6.14 / ISMS A17 (BCM): Auditor view
Pay attention to
• Maintaining data protection & privacy during a disaster
• BCM vs DRP
Evidence
• BCM planning
• DRP plan
• Test plans
• Exercises
• Awareness, training & communication
• 70. PIMS 6.15 / ISMS A18 (Compliance): General
Pay attention to
• Legislation
• Contract obligations
• Company responsibility (protect yourself)
• Data subject rights
Evidence
• Anything we discussed today…
• 71. And last but not least… never done.
• 72. PDCA… continuous improvement: start over again. See you at the next cycle…
• 73. Q & A: questions & answers
• 75. Ramping up… relevant PECB training courses
• 76. Check the PECB agenda and select the ISO/IEC 27701 Lead Implementer course: https://pecb.com/en/partnerEvent/event_schedule_list (screenshot of the PECB Training Agenda page)
• 77. Relevant training: PECB ISO 27701
Foundation: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701/iso-iec-27701-foundation
Lead Implementer: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701/iso-iec-27701-lead-implementer
Lead Auditor: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701/iso-iec-27701-lead-auditor
• 78. Relevant training: PECB ISO 27001, https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Lead Implementer: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-implementer
Lead Auditor: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor
• 79. Relevant training: PECB ISO 27002, https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
Lead Manager: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002/iso-iec-27002-lead-manager
• 81. Relevant training: PECB ISO 29100, https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer
Lead Implementer: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer/iso-29100-lead-privacy-implementer
• 82. Relevant training: PECB ISO 27035 (Incident Management), https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
Lead Incident Manager: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035/iso-iec-27035-lead-incident-manager
• 83. Relevant training: PECB ISO 27005 (Risk Management), https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
Lead Risk Manager: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-27005-lead-risk-manager
• 84. ISO/IEC 27701 training courses
• ISO/IEC 27701 Foundation: 2-day course
• ISO/IEC 27701 Lead Implementer: 5-day course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-27701
www.pecb.com/events