SlideShare a Scribd company logo

ISO 27001 In The Age Of Privacy

ControlCase
ControlCase
ControlCaseControlCase

ControlCase Discussed: •What is ISO 27001 •How can companies get ready for ISO 27701 privacy standard •What is the certification process to ISO 27701 •Common challenges

ISO 27001 In The Age Of Privacy

1 of 26
Download to read offline
© 2019 ControlCase All Rights Reserved
ISO 27001 & ISO 27701 In the
Age of Privacy
© 2019 ControlCase All Rights Reserved
Agenda 2
4
2
3
Your IT Compliance
Partner –
Go beyond the
checklist
Introductions
Introduction to ISO 27001, ISO 27701
and ISMS
What is the Certification Process
5
1
Common Challenges
Q&A
© 2019 ControlCase All Rights Reserved
Introductions – ControlCase and KUMA1
© 2019 ControlCase All Rights Reserved
ControlCase Snapshot 4
Certification and ContinuousCompliance Services
Go beyond the auditor’s checklist to:
Dramatically cut the time, cost and burden from becoming certified and
maintaining IT compliance
• Demonstrate compliance more efficiently
and cost effectively (cost certainty)
• Improve efficiencies
• Do more with less resources and gain
compliance peace of mind
• Free up your internal resources to focus
on their priorities
• Offload much of the compliance burden
to a trusted compliance partner
1000+
Clients
275+
Security Experts
10,000+
IT Security Certifications
© 2019 ControlCase All Rights Reserved
Certification Services 5
OneAudit – Collect Once, Certify Many
PCI DSS ISO 27001 &
27002
SOC 1, SOC 2, SOC 3,
& SOC for Cybersecurity HITRUST CSF
HIPAA PCI P2PE GDPR NIST 800-53
PCI PIN PCI PA-DSS FedRAMP PCI 3DS
“You have 27 seconds to make a
first impression. And after our
initial meeting, it became clear
that they were more interested
in helping our business and
building a relationship, not just
getting the business.”
Sr. Director, Information Risk &
Compliance, Large Merchant
Automation-
DrivenSkyCAM
Partnership
Approach
IT Certification
Services
Continuous Compliance
Services
© 2019 ControlCase All Rights Reserved
About Kuma 6
An IndustryLeader in Privacy, Security and Digital Identity Space
Security and Privacy Reimagined:
Proven expertise coupled with extensive subject matter expertise that delivers
value beyond compliance
• Redefine your Privacy Risk Management
and demonstrate value in addition to
meeting compliance requirements
• Unlock business value with our expertise
• Tailored risk management processes
• Superior compliance outcomes coupled
with business value beyond the best
practice.
200,000+
Client Hours
2,000+
Expert Opinions
12,000+
Reviews Conducted
Ad

Recommended

Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
ISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowPECB
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 

More Related Content

What's hot

Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowPECB
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.pptHasnolAhmad2
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesPECB
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...Hernan Huwyler, MBA CPA
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 

What's hot (20)

ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.ppt
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
ISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdf
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
ISO 27701
ISO 27701ISO 27701
ISO 27701
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and You
 

Similar to ISO 27001 In The Age Of Privacy

Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Cloud Standards Customer Council
 
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...DVV Solutions Third Party Risk Management
 
Integrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyIntegrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyControlCase
 
Resume_IshitaKundu_CISA
Resume_IshitaKundu_CISAResume_IshitaKundu_CISA
Resume_IshitaKundu_CISAIshita Kundu
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxControlCase
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001  Isaca Seminar (23 May 08)Iso27001  Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001  Isaca Seminar (23 May 08)Iso27001  Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 

Similar to ISO 27001 In The Age Of Privacy (20)

Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
CV jagroop jagpal
CV jagroop jagpalCV jagroop jagpal
CV jagroop jagpal
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
 
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
 
Integrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyIntegrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to Many
 
Resume_IshitaKundu_CISA
Resume_IshitaKundu_CISAResume_IshitaKundu_CISA
Resume_IshitaKundu_CISA
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Cv jagroop jagpal
Cv jagroop jagpalCv jagroop jagpal
Cv jagroop jagpal
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptx
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
Qsys Profile
Qsys ProfileQsys Profile
Qsys Profile
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001  Isaca Seminar (23 May 08)Iso27001  Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001  Isaca Seminar (23 May 08)Iso27001  Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
 

More from ControlCase

PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfControlCase
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdfControlCase
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfControlCase
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfControlCase
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+  Cyber Insurance Fina.pptxWebinar-MSP+  Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxControlCase
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdfControlCase
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfControlCase
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxControlCase
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST CertificationControlCase
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceControlCase
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudControlCase
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesControlCase
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECControlCase
 
Performing PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesControlCase
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as UsualControlCase
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTControlCase
 

More from ControlCase (20)

PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdf
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdf
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+  Cyber Insurance Fina.pptxWebinar-MSP+  Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdf
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST Certification
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP Marketplace
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust Principles
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIEC
 
Performing PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust Principles
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUST
 

Recently uploaded

Bringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxBringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxMaarten Balliauw
 
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Adrian Sanabria
 
Introduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptxIntroduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptxBrandon Minnick, MBA
 
Q1 Memory Fabric Forum: Advantages of Optical CXL​ for Disaggregated Compute ...
Q1 Memory Fabric Forum: Advantages of Optical CXL​ for Disaggregated Compute ...Q1 Memory Fabric Forum: Advantages of Optical CXL​ for Disaggregated Compute ...
Q1 Memory Fabric Forum: Advantages of Optical CXL​ for Disaggregated Compute ...Memory Fabric Forum
 
H3 Platform CXL Solution_Memory Fabric Forum.pptx
H3 Platform CXL Solution_Memory Fabric Forum.pptxH3 Platform CXL Solution_Memory Fabric Forum.pptx
H3 Platform CXL Solution_Memory Fabric Forum.pptxMemory Fabric Forum
 
From eSIMs to iSIMs: It’s Inside the Manufacturing
From eSIMs to iSIMs: It’s Inside the ManufacturingFrom eSIMs to iSIMs: It’s Inside the Manufacturing
From eSIMs to iSIMs: It’s Inside the ManufacturingSoracom Global, Inc.
 
Journey of Television in World & in India
Journey of Television in World & in IndiaJourney of Television in World & in India
Journey of Television in World & in IndiaAdarshAgarwal66
 
My self introduction to know others abut me
My self  introduction to know others abut meMy self  introduction to know others abut me
My self introduction to know others abut meManoj Prabakar B
 
Azure Migration Guide for IT Professionals
Azure Migration Guide for IT ProfessionalsAzure Migration Guide for IT Professionals
Azure Migration Guide for IT ProfessionalsChristine Shepherd
 
Bit N Build Poland
Bit N Build PolandBit N Build Poland
Bit N Build PolandGDSC PJATK
 
Bluetooth Low Energy(BLE) and beacons working
Bluetooth Low Energy(BLE) and beacons workingBluetooth Low Energy(BLE) and beacons working
Bluetooth Low Energy(BLE) and beacons workingshrey Ansh
 
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptxEvolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptxKyle Willson
 
Heltun_HE-RS01_User_Manual_B9AH.pdf
Heltun_HE-RS01_User_Manual_B9AH.pdfHeltun_HE-RS01_User_Manual_B9AH.pdf
Heltun_HE-RS01_User_Manual_B9AH.pdfMarielaL5
 
Navigating the Never Normal Strategies for Portfolio Leaders
Navigating the Never Normal Strategies for Portfolio LeadersNavigating the Never Normal Strategies for Portfolio Leaders
Navigating the Never Normal Strategies for Portfolio LeadersOnePlan Solutions
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch TuesdayIvanti
 
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdfLLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdfThomas Poetter
 
Q1 Memory Fabric Forum: XConn CXL Switches for AI
Q1 Memory Fabric Forum: XConn CXL Switches for AIQ1 Memory Fabric Forum: XConn CXL Switches for AI
Q1 Memory Fabric Forum: XConn CXL Switches for AIMemory Fabric Forum
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellencePrecisely
 
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...Adrian Sanabria
 

Recently uploaded (20)

Bringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxBringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptx
 
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
 
Introduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptxIntroduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptx
 
Q1 Memory Fabric Forum: Advantages of Optical CXL​ for Disaggregated Compute ...
Q1 Memory Fabric Forum: Advantages of Optical CXL​ for Disaggregated Compute ...Q1 Memory Fabric Forum: Advantages of Optical CXL​ for Disaggregated Compute ...
Q1 Memory Fabric Forum: Advantages of Optical CXL​ for Disaggregated Compute ...
 
H3 Platform CXL Solution_Memory Fabric Forum.pptx
H3 Platform CXL Solution_Memory Fabric Forum.pptxH3 Platform CXL Solution_Memory Fabric Forum.pptx
H3 Platform CXL Solution_Memory Fabric Forum.pptx
 
From eSIMs to iSIMs: It’s Inside the Manufacturing
From eSIMs to iSIMs: It’s Inside the ManufacturingFrom eSIMs to iSIMs: It’s Inside the Manufacturing
From eSIMs to iSIMs: It’s Inside the Manufacturing
 
Journey of Television in World & in India
Journey of Television in World & in IndiaJourney of Television in World & in India
Journey of Television in World & in India
 
My self introduction to know others abut me
My self  introduction to know others abut meMy self  introduction to know others abut me
My self introduction to know others abut me
 
Azure Migration Guide for IT Professionals
Azure Migration Guide for IT ProfessionalsAzure Migration Guide for IT Professionals
Azure Migration Guide for IT Professionals
 
Bit N Build Poland
Bit N Build PolandBit N Build Poland
Bit N Build Poland
 
Bluetooth Low Energy(BLE) and beacons working
Bluetooth Low Energy(BLE) and beacons workingBluetooth Low Energy(BLE) and beacons working
Bluetooth Low Energy(BLE) and beacons working
 
COE AI Lab Universities
COE AI Lab UniversitiesCOE AI Lab Universities
COE AI Lab Universities
 
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptxEvolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
 
Heltun_HE-RS01_User_Manual_B9AH.pdf
Heltun_HE-RS01_User_Manual_B9AH.pdfHeltun_HE-RS01_User_Manual_B9AH.pdf
Heltun_HE-RS01_User_Manual_B9AH.pdf
 
Navigating the Never Normal Strategies for Portfolio Leaders
Navigating the Never Normal Strategies for Portfolio LeadersNavigating the Never Normal Strategies for Portfolio Leaders
Navigating the Never Normal Strategies for Portfolio Leaders
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdfLLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI.pdf
 
Q1 Memory Fabric Forum: XConn CXL Switches for AI
Q1 Memory Fabric Forum: XConn CXL Switches for AIQ1 Memory Fabric Forum: XConn CXL Switches for AI
Q1 Memory Fabric Forum: XConn CXL Switches for AI
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center Excellence
 
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
 

ISO 27001 In The Age Of Privacy

  • 1. © 2019 ControlCase All Rights Reserved ISO 27001 & ISO 27701 In the Age of Privacy
  • 2. © 2019 ControlCase All Rights Reserved Agenda 2 4 2 3 Your IT Compliance Partner – Go beyond the checklist Introductions Introduction to ISO 27001, ISO 27701 and ISMS What is the Certification Process 5 1 Common Challenges Q&A
  • 3. © 2019 ControlCase All Rights Reserved Introductions – ControlCase and KUMA1
  • 4. © 2019 ControlCase All Rights Reserved ControlCase Snapshot 4 Certification and ContinuousCompliance Services Go beyond the auditor’s checklist to: Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance • Demonstrate compliance more efficiently and cost effectively (cost certainty) • Improve efficiencies • Do more with less resources and gain compliance peace of mind • Free up your internal resources to focus on their priorities • Offload much of the compliance burden to a trusted compliance partner 1000+ Clients 275+ Security Experts 10,000+ IT Security Certifications
  • 5. © 2019 ControlCase All Rights Reserved Certification Services 5 OneAudit – Collect Once, Certify Many PCI DSS ISO 27001 & 27002 SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity HITRUST CSF HIPAA PCI P2PE GDPR NIST 800-53 PCI PIN PCI PA-DSS FedRAMP PCI 3DS “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” Sr. Director, Information Risk & Compliance, Large Merchant Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services
  • 6. © 2019 ControlCase All Rights Reserved About Kuma 6 An IndustryLeader in Privacy, Security and Digital Identity Space Security and Privacy Reimagined: Proven expertise coupled with extensive subject matter expertise that delivers value beyond compliance • Redefine your Privacy Risk Management and demonstrate value in addition to meeting compliance requirements • Unlock business value with our expertise • Tailored risk management processes • Superior compliance outcomes coupled with business value beyond the best practice. 200,000+ Client Hours 2,000+ Expert Opinions 12,000+ Reviews Conducted
  • 7. © 2019 ControlCase All Rights Reserved Risk Management Consulting Services of Kuma 7
  • 8. © 2019 ControlCase All Rights Reserved More About KUMA 8 National Strategy for Trusted Identities in Cyberspace  Supported the development of the White House Strategy NIST Privacy Risk Assessment Methodology & NIST Privacy Framework  Supported the development of the PRAM  Premier national expert in PRAM  Implementation of NIST Privacy Framework – first in the nation Security and Privacy Requirements, Identity Ecosystem Framework  Supported the development of the Identity Ecosystem Steering Group’s Security and Privacy Requirements Assessment and Audit Expertise  Certified Federal Identity, Credential and Access Management (US FICAM) Auditor  Certified HIPAA Privacy Security Expert (CHPSE)  Numerous technology audits and risk assessments including ISO27000, FedRamp, HITRUST, etc. Sought-after public speakers for national and international forums
  • 9. © 2019 ControlCase All Rights Reserved Introduction to ISO 27001, ISO 27701 and ISMS2
  • 10. © 2019 ControlCase All Rights Reserved Introduction to ISO 27001, ISO 27701 and ISMS ? 10 • Necessary modifications to the ISMS (Clause 5) PIMS-specific guidance related to ISO/IEC 27001 • Additional information security controls (Clause 6) PIMS-specific guidance related to ISO/IEC 27002 • Additional controls for PII controllers (Clause 7) PIMS-specific guidance for PII controllers • ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards. • ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 and ISO/IEC 27002 and provides additional guidance for the protection of privacy, which is potentially affected by the collection and processing of personal information. • An ISMS (Information Security Management Systems) is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. • Additional controls for PII processors (Clause 8) PIMS-specific guidance for PII processors • Informative Mappings Part of the 6 Annexes to the standard Structure of ISO/IEC 27701 A Brief about the Standards
  • 11. © 2019 ControlCase All Rights Reserved What's covered in ISO 27001 11 Information Security Policies Organization of Information Security Human resource security Asset management Access control Cryptography Physical and environmental security Operations security Communications security SDLC Supplier relationships Incident management Business continuity Compliance
  • 12. © 2019 ControlCase All Rights Reserved Privacy Add-on Assessment (ISO 27701) 12  Additional assessment time required  Depends on the entity being a PII controller or PII processor or both  PII Controller  Covers areas like contracts and obligations to consumer  Covers retention and disposal objectives  PII Processor Covers areas such as marketing and advertising use Covers inter-organization and inter-country rules of PII
  • 13. © 2019 ControlCase All Rights Reserved ControlCase/KUMA Certification Process5
  • 14. © 2019 ControlCase All Rights Reserved ControlCase/ KUMA Certification Methodology 14 KUMA Readiness and Pre- Assessment • Consolidated Pre-Assessment (ControlCase 250 Assessment) • Using SkyCAM and Integrated Checklist • Evaluation of policies and procedures • Exit this phase only once you are fully ready for Stage 1 and Stage 2 Phase 2a ISO Stage 1 Audit • Stage 1 Onsite Phase 2b ISO Stage 2 Audit • Stage 2 Onsite Deliverables • ISO Certificate issued • Extension Documents
  • 15. © 2019 ControlCase All Rights Reserved Readiness: Getting Ready for Privacy Leadership with ISO 27701 15 • PII Management based on a global standard - Standardized requirements ensure consistency - Globally recognized way of managing PII • Trustworthy PII management & reduced complexity - Enhances stakeholder and end user trust - Provides an ability to integrate with ISMS An organization's Privacy risk management bar can be significantly raised by aligning the privacy practices with ISO 27701. Along with streamlined PII management, aligning to the standard can bring myriad benefits that can enable the state of the art at the organization. • Effective business agreements & Transparency - Evidence related to PII management speaks for itself - Enhanced transparency for business & stakeholders • Superior compliance outcomes & multi-party collaboration - Well defined artefacts, roles and responsibilities - Seamless direct alignment with global requirements such as GDPR Superior Outcomes Planning & Scoping Readiness Assessment Evaluate Implementation of ISMS Report on Findings and remediation tasks 1 2 3 4 5 6 Evaluate Implementation of Controls Evaluate Implementation of ISO 27701 specific controls
  • 16. © 2019 ControlCase All Rights Reserved Stage 1, Stage 2 and Surveillance Audits 16 • Stage 1 Onsite Audit - 2 to 5 days - To be done in Year 1 Only • Stage 2 Onsite Audit - 1 to 3 days - To be done in Year 1 • Surveillance Audits - 1 to 3 days - To be done in Year 2 and 3 ISO 27001 certifications have been happening for a long time. ISO 27701 (privacy) is a recent add-on/extension.
  • 17. © 2019 ControlCase All Rights Reserved ControlCase ISO 27001/27701 Questions 17 Common ISO Scoping Questions (6 questions) ISO 27001 Assessment Questions (98 questions) ISO 27701 Addon Assessment Questions (54 questions) Document Release Questions (4 questions) Total : 162 questions
  • 18. © 2019 ControlCase All Rights Reserved Common Challenges6
  • 19. © 2019 ControlCase All Rights Reserved Compliance Challenges In General Proving and maintaining compliance places a significant burden on organizations Takes people away from their core responsibilities Strains already taxed resources Organizations struggle with: Dealing with multiple regulations Keeping up with changing regulations & compliance requirements Understanding & translating compliance frameworks The time spent preparing for audits The lack of visibility into their compliance posture
  • 20. © 2019 ControlCase All Rights Reserved Common Challenges to ISO 27001/27701 20 Business Associate • Agreements to be formalized • Vendor management process Vulnerability Management • Periodic vulnerability management • Patching devices • Application code rewrite Logging & Monitoring • 24X7X365 monitoring • Managing volume of logs Encryption • Encryption of PII PII Policies and Training • Annual training • Documented PII policies and procedures
  • 21. © 2019 ControlCase All Rights Reserved Why ControlCase/Kuma5
  • 22. © 2019 ControlCase All Rights Reserved Why Kuma: One stop shop for Privacy and security expertise 22 • Extensive experience with ISO standards - Experience of ISO standardization across industries - End-to-end ISO PDCA cycle experience • Certified ISO Lead Auditors & Resources - Availability of inhouse ISO Lead Auditors - Gold standard privacy certified professionals • Cross-domain expertise: Privacy & Security - Ability to cross-walk between multiple domains - Tighter integration between Privacy and Security aspects Kuma specializes in transforming the risk posture of its clients by implementing globally renowned ISO standards. With end to end capabilities in the standardization space, Kuma is poised to deliver unmatched value.
  • 23. © 2019 ControlCase All Rights Reserved Kuma’s Value Delivery with ISO 27701 23 • Redefine your Privacy Risk Management - Proven risk management methodology - Benchmarked PII management process • Unlock business value with our expertise - Reap value from the gold standard - Business enabler & qualification criteria • Optimize the organization’s resources - Tailored privacy risk management process - Continuity from strategy to operations Kuma brings industry leading expertise that redefines the way your organization handles privacy risk. Superior compliance outcomes coupled with business value can be derived when you look beyond the best practice. Optimized resources are just another spin-off of the value delivery.
  • 24. © 2019 ControlCase All Rights Reserved ControlCase Certification Outcomes 24 “It’s a challenge keeping up with the changing compliance landscape. Given that we had GDPR and now the California data privacy law, not to mention HIPAA and others, there are a lot of regulations and frameworks to keep up with and a lot of time spent preparing for audits. That puts a lot of overhead and strain on me and my team. We don’t just don’t have the expertise or time to keep up. Before ControlCase “We cut audit prep time by 70% using KUMA. It was their partner approach to us; a combination of their expertise, their responsiveness and automation. They brought us great ideas on how to streamline our process, and we were able to take advantage of automated data collection. And, their IT Compliance Portal gave us visibility throughout the entire process. Another thing - We don’t look at compliance as a once a year event, and now, with ControlCase’s Continuous Compliance services, we have the visibility into what’s in compliance and what’s not all year long. We can quickly remediate an issue before it becomes a security threat.” With KUMA Cut audit prep time by 70%
  • 25. © 2019 ControlCase All Rights Reserved Summary – Why ControlCase 25 “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.” Dir. of Compliance, SaaS company Your IT Compliance Partner – Go beyond the auditor’s checklist Partnership Approach SkyCAM IT Compliance Portal Automation driven Continuous Compliance Services
  • 26. © 2019 ControlCase All Rights Reserved Email contact@controlcase.com Telephone Americas +1.703-483-6383 India: +91.22.50323006 Social Media Conection Suport www.facebook.com/user www.linkin.com/user Visit our website www.controlcase.com THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM