SlideShare a Scribd company logo
• Introduction
• Before we start…
• ISO27001 implementation vs audit
• ISMS vs PIMS, in practice
• The implementer view
• The auditor view
• Q & A
Agenda
Introduction
Peter Geelen (CyberMinute)
• 20+ years experience in security
• Enterprise Security & IAM
• Cybersecurity
• Data Protection & Privacy
• Incident management, Disaster Recovery
• Trainer, coach, auditor
• ISO27001 Master & Lead ISO27002
• ISO27701 Lead Impl. & Lead Auditor
• Certified DPO & Fellow In Privacy
• Lead Incident Mgr & Disaster Recovery
• ISO27032 Sr. Lead Cybersecurity Mgr
• Lead ISO27005 (Risk Mgmt)
• Accredited ISO27001/9001
Lead auditor
• Accredited Security Trainer
My experience Certification Accreditation
http://www.cyberminute.com
https://ffwd2.me/pgeelen
More info (LinkedIn):
peter@cyberminute.com
Stefan Mathuvis (QMA)
• 20 years experience in security
• Quality Management
• Quality Auditor
• Cybersecurity
• Security, Data Protection & Privacy
• Trainer, coach, auditor
• ISO27001 Lead Auditor
• ISO9001 Lead Auditor
• Lead auditor ESD & GDP Pharma
• Lead auditor GQS
• CDPO
• Master trainer DGQ
• Accredited ISO27001 lead
auditor
• Accredited 9001 Lead
auditor
My experience Certification Accreditation
http://www.qma.be
https://ffwd2.me/stefan
More info (LinkedIn):
Stefan@qma.be
Before we start…
Previous session recap
• Quick Guide to ISO/IEC 27701-The Newest Privacy Information Standard
• PECB: https://pecb.com/past-webinars/quick-guide-to-isoiec-27701-the-newest-
privacy-information-standard
• Recording: https://youtu.be/ilw4UmMSlU4
• Slideshare: https://www.slideshare.net/PECBCERTIFICATION/quick-guide-to-
isoiec-27701-the-newest-privacy-information-standard
• ISO/IEC 27701 vs GDPR - What you need to know
• PECB: https://pecb.com/past-webinars/isoiec-27701-vs-gdpr-what-you-need-to-
know
• Recording: https://www.youtube.com/watch?v=P80So3ryvJ8
• Slideshare: https://www.slideshare.net/PECBCERTIFICATION/isoiec-27701-vs-
gdpr-what-you-need-to-know
For other webinars, see: https://pecb.com/en/webinars
Recap: Previous sessions
• Remember ISO27001
• ISMS, Information Security (Management System)
• 10 Clauses
• 114 controls
• Based on PDCA
Recap: ISO27001 structure
Act Plan
DoCheck
ISO27001 main principle: PDCA
Time
Quality
Improvement
Quality
Assurance
Standard
Quality
Assurance
StandardAct Plan
DoCheck
Source: ISO9001-2015
Did you know…
Source: PECB ISO27001 Lead Implementer
PDCA in ISO27001
clause 6
Planning
clause 9
Performance
evaluation
clause 10
Improvement
clause 8
Operation
Clause 4
Context of the organization
Clause 7
Support
Clause 5
Leadership
Annex A - Control objectives and controls
Extension to ISO27001 (ISMS)
• Information security Management system
• + Extension to privacy
• + interpretation for GDPR
= PIMS
(Privacy Information Management system)
ISO27701 (PIMS)
Naming convention
To avoid any confusion:
• ISMS refers to ISO27001
• PIMS refers to ISO27701 (on top of ISO27001)
For this session…
ISMS implementation vs audit
Opposite or complementary?
Officially starts with external audit but….
• You can use the audit techniques during initial implementation
• Implement pre-stage audit
• Internal audit is needed (official requirement)
• System must have sufficient track record before initial audit
After initial audit
• Yearly surveillance
• 3 year cycle to renewal
• Continuous maintenance (also for internal audit)
• Continuous improvement
The ISO audit lifecycle…
Initial audit
• “Get in control”
• Passing the mark
• Basic maturity (ref. CMMI … level 3)
• Room for growth and maturity
Surveillance audit (+ recertification)
• “Stay in control”
• Focus on improvement
• Increasing maturity
• Based on metrics and measurement…
The ISO audit lifecycle…
Starts long before the external audit
• To use the audit techniques during initial
• Pre-stage audit
• Internal audit needed (official requirement)
Doesn’t stop after initial external audit
• Maintenance
The implementation lifecycle…
When starting in ISMS implementation
• It takes time to adapt business processes to ISO approach
• Focus on evidence..
• Not only documentation,
• but also operational results that can be tracked
• People that know how ISMS plugs in to their work
Audit
• Not just a check list, but focus on results
• Based on evidence (double evidence)
• Advisory function (but not consulting)
Hints and tips
ISMS to PIMS, in practice.
Getting the mind shift right…
When shifting from ISMS to PIMS
• It’s no more about “enterprise only” data
• It’s ALSO about “personal data’
• On top of it…
Meaning, you’re in the lead with enterprise data, in ISMS.
The subject is in the lead when handling personal data… in PIMS
(Strong legislation giving power to subject.)
Fundamental change in approach
ISMS
Fundamental change in mindset & environment
ISMS ISMS
PIMS
The implementer/audit view of PIMS
Recap from previous sessions.
Auditor vs implementer
• If you know how the audit works, you know better what to
implement
• Both in the right spirit
• Results based,
• not check list based
• Growth mindset
• Not perfect at first step
• Better done than perfect
• Think big, act small…
Why is this important?
• The audit cycle pushes the implementation of PDCA
• Continuous improvement
• Step by step
• Have an independent / external view
• Keep the helicopter view, with good relation between
• Business
• IT
• DPO
• Legal
The auditor view helps to…
• Include audit considerations from the start
• Involve audit throughout the project
• Internal audit vs external audit
• External audit
• mostly end stage (before you restart the cycle)
• Certification target
• Internal audit
• Separate department
• Why not cross check? (cross-department)
• External auditor (but still under authority of data controller)
Some practical hints
• Look at the external auditor as advisor
• Not a checklist dummy
• [NOT consultant ;) ]
• Find the right auditor for you, YOU choose
• Experience, expertise
• Right mindset (continuous improvement)
• Focus on getting results
• CMMI: 1… 2… 3… 4… 5…
Some practical hints
Recap: ISO27701 mapping to ISO27001
4.3 ISO27001 requirements (ISO27701 Clause 5)
ISO27701 Topic ISO27001 Remark
5.2 Context of organisation 4 Changed
5.3 Leadership 5 Direct
5.4 Planning 6 Changed
5.5 Support 7 Direct
5.6 Operation 8 Direct
5.7 Performance evaluation 9 Direct
5.8 Improvement 10 Direct
Recap: ISO27701 mapping to ISO27001
4.3 ISO27002 requirements (ISO27701 Clause 6)
ISO27701 Topic ISO27002 Remark
6.2 Policies 5 Changed
6.3 Organisation 6 Changed
6.4 HR 7 Changed
6.5 Asset Management 8 Changed
6.6 Access Control 9 Changed
6.7 Cryptography 10 Changed
6.8 Physical and environment 11 Changed
Recap: ISO27701 mapping to ISO27001
4.3 ISO27002 requirements (ISO27701 Clause 6)
ISO27701 Topic ISO27002 Remark
6.9 Operations 12 Changed
6.10 Communications 13 Changed
6.11 Acquisition, Dev & mainten. 14 Changed
6.12 Suppliers 15 Changed
6.13 Incident Mgmt 16 Changed
6.14 Business Continuity 17 Direct
6.15 Compliance 18 Changed
The implementer view of ISO27701
Quick tour: special attention
Interested parties
• ISMS: Mainly enterprise, contractual, customers, … bit of employee
• PIMS: strong focus on subject data, in any type
Different approach
• High impact regulation
• Worldwide
• Very powerful individual
• Define goal, vision, mission & strategy
• Documentation!
PIMS 5.2 / ISMS 4 (Context) Implementer
Interested parties
• ISMS: vision, commitment, policy, RACI,
• PIMS: accountability (ref. GDPR)
Make sure to
• Organize regular management meetings
• Plan agenda, take notes, …
• Register Decisions taken
• Plan Communication, incl. all interested parties (incl. external)
• Make sure mgmt. takes responsibility.
• Make them accountable, …
PIMS 5.3 / ISMS 5 (Leadership) Implementer
EXTREMELY IMPORTANT
• ISMS: risk management is CORE requirement
• PIMS: PIA, DPIA (GDPR)
You must
• Have a risk register
• Setup Risk management system (not the software, but the process)
• Maintain risk management
HINT: how to assess risk in EXISTING environment?
(New processes, update of existing processes and regular basis)
PIMS 5.4 / ISMS 6 (Planning) Implementer
ISMS = PIMS, you must have
• resources
• Competence
• Awareness, communication & education
• Documentation
You need
• Budget
• People
• Time
PIMS 5.5 / ISMS 7 (Support) Implementer
PIMS 5.6/5.7/5.8 = ISMS 8/9/10
• Operations
• Performance
• Improvement
You need
• Operations: Info security / Data protection / Privacy in your DNA
• Performance: plan for metrics and measure (CMMI 4)
• Improvement: CONTINUOUSLY
Other clauses Implementer
Policies
• ISMS ISO27002 (114 controls + …)
• PIMS ISO27002 + ISO27701
• ISMS prefix “A” = ISO27002
• Measures
• Controls
• For security we need PPT = people, process & technology
PIMS 6 / ISMS Annex
Policies
• ISMS ISO27002 (114 controls + …)
• PIMS ISO27002 + ISO27002 ;..
Tasks
• Setup policies / documentation
• Approve policies
• Execute policies
• Update policies on a regular basis
PIMS 6.2 / ISMS A5 Implementer
ISMS PIMS Serving
Management Team idem Enterprise
Risk Management Team idem Enterprise
Info Sec team idem Enterprise
IT operations team idem Enterprise
Business idem Enterprise
Legal support idem Enterprise
/ DPO or similar Subject
PIMS 6.3 / ISMS A6 (IS Org.) Implementer
Info
• PIMS: privacy & data protection in
• contracting
• awareness.
Special attention to
• Reference of data protection in contracting
• People are lazy (maintain awareness)
• Training
IMPORTANT: everyone must be onboard to protect personal data!
PIMS 6.4 / ISMS A7 (HR) General
Make sure to implement
• Asset inventory / CMDB
• Not only HW
• Also processes
• People & knowledge
Special attention to
• Classification
PIMS 6.5 / ISMS A8 (Asset Mgmt) Implementer
ISMS labels categ. PIMS lables Serving
0 - Public Non PII/GDPR Enterprise
1 – Internal Enterprise
2 - Strict internal Enterprise
3 - Critical Enterprise
(4 – Secret) Enterprise
PII Subject
Sensitive PII Subject
PIMS 6.5 / ISMS A8 (Asset Mgmt) Implementer
Must have
• Access control policy
• User (de)registration
Special attention to
• PIMS: identity management
• PIMS EXPLICIT:
• DO NOT RE-USE user IDs
PIMS 6.6 / ISMS A9 (Access ctrl.) Implementer
Contains
• Crypto policy
• Special attention to PII treatment
Special attention to
• Subject information about crypto in
• Website, HR, registration systems, storage, backup, …
• Disposal of data !
• Evolution of technology in crypto!
PIMS 6.7 / ISMS A10 (Crypto) General
Must have
• Physical security
• Security perimeters
• Layered security
Special attention to
• Core protection, starts with physical
• Layered security like
• Street, outside, perimeter,
• public zone, internal zone, restricted zone, high protection core, …
• Define : “who can do what and where (and when)”
PIMS 6.8 / ISMS A11 (Physicl Sec.) Implementer
Special attention to (See previous sessions on PIMS)
• Backup
• Event logging
• Log protection
PIMS 6.9 / ISMS A12 (Operations) Implementer
Do what you say,
say what you do, …
… and prove it
Make sure to have
• Information transfer policy
• Vendor / 3rd party / Data processor policy
Special attention to
• Vendor/processor
• Confidentiality
• NDA
• Incident reporting & feedback
PIMS 6.10 / ISMS A13 (Comm.) General
Contains
• Development policies
• SW acquisition requirements
Special attention to
• Own responsibility
• Vendor/processor responsibility
• Sec/DP/Privacy by design
• Sec/DP/privacy by default
PIMS explicit: no PII for testing purposes!
PIMS 6.11 / ISMS A14 (Build or buy) Implement
Important
• Compensate for lack of physical control
• Legal control
• PIMS : High risk!
Special attention to
• Policy
• Contracts
• Expert legal support
• Right to audit!
PIMS 6.12 / ISMS A15 (Supplier) Implementer
Important
• Incident register
• Incident = failure of system (opportunity for improvement)
• PIMS : High risk for data breaches!
Special attention to
• Policy
• Tracking & improvement
• Escalation tracks
• Exercise, exercise!
PIMS 6.13 / ISMS A16 (Incident) Implementer
Important
• Maintaining data protection & privacy during disaster
• BCM vs DRP
Special attention to
• Exercise
• Testing
• Vendors
PIMS 6.14 / ISMS A17 (BCM) Implementer
Pay attention to
• Legislation
• Contract obligations
• Company responsibility (protect yourself)
• Subject rights
Evidence
• Anything we discussed today…
PIMS 6.15 / ISMS A18 (Compliance) General
The audit view of ISO27701
Focus on evidence
Interested parties
• ISMS: documentation on business model, mission, vision, …
• PIMS: ISMS documentation, privacy notices, .. Type of community
What evidence to find?
• Mission/Vision
• Community
• Business model, processes, type of data
• Talking to business & customer dept.
PIMS 5.2 / ISMS 4 (Context) Auditor
Interested parties
• ISMS: documentation on business model, mission, vision, …
• PIMS: ISMS documentation, privacy notices, .. Type of community
How to audit?
• Management meetings, agenda, notes, …
• Decisions taken
• Communication
• Approvals & signature of policies, …
PIMS 5.3 / ISMS 5 (Leadership) Auditor
Look for
• ISMS = Risk management
• PIMS = Risk management + PIA/DPIA
Evidence
• Risk sources: incident register, incident reporting,
• Track solution of incident
• Data breach reporting (confirmed incidents)
• Risk register (setup, up to date, ownership, RACI, …)
PIMS 5.4 / ISMS 6 (Planning) Auditor
ISMS = PIMS
• Check for management support
• Check for education plan
• Check for awareness
Evidence
• Interview
• Management planning
• Education, awareness & communication
PIMS 5.5 / ISMS 7 (Support) Auditor
PIMS 5.6/5.7/5.8 = ISMS 8/9/10
• Operations
• Performance
• Improvement
Evidence
• Operations: processed, procedures, … on the floor
• Performance: Find the metrics
• Improvement: internal audit, new projects, updates, …
Other clauses Auditor
To check
• Policies
• SOA
Evidence
• Setup policies / documentation
• Approval of policies
• Execution policies
• Updates
PIMS 6.2 / ISMS A5 Auditor
Check for
• organigram
• Company organisation
• RACI
• Segregation of duties
Evidence
• Roles & responsibilities description
• Function description incl. ISMS/PIMS tasks
• People IN/OUT
PIMS 6.3 / ISMS A6 Auditor
Info
• PIMS: privacy & data protection in
• contracting
• awareness.
Special attention to
• Reference of data protection in contracting
• People are laze (maintain awareness)
• Training
IMPORTANT: everyone must be onboard to protect personal data!
PIMS 6.4 / ISMS A7 (HR) General
Pay attention to
• HR IN/OUT vs. IT IN/OUT
Evidence
• HR
• IT security
• Privileged account management
• General accounts
• In/out events
• Regular reviews (x times /yr)
PIMS 6.6 / ISMS A9 (Access ctrl.) Auditor
Contains
• Crypto policy
• Special attention to PII treatment
Special attention to
• Subject information about crypto in
• Website, HR, registration systems, storage, backup, …
• Disposal of data !
PIMS 6.7 / ISMS A10 (Crypto) General
Pay attention to
• Building
• Locations
• Entry,
• Zones
• Equipment, cabling,
• 3rd party (!)
Evidence
• On site visit
PIMS 6.8 / ISMS A11 (Physical) Auditor
Pay attention to
• Tracing of ISMS/PIMS on the floor
• People
Evidence
• Logs
• Processes & procedures
• Time stamps
• Ownership
• Meeting minutes
• Documentation
• ….
PIMS 6.9 / ISMS A12 (Operations) Auditor
Make sure to have
• Information transfer policy
• Vendor / 3rd party / Data processor policy
Special attention to
• Vendor/processor
• Confidentiality
• NDA
• Incident reporting & feedback
PIMS 6.10 / ISMS A13 (Communic.) General
Pay attention to
• PIMS Annex A.7.4 (controller)
• PIMS Annex B.8.4 (processor)
Evidence
• Agreements
• Acquisition procedures
• Development policies & processes
PIMS 6.11 / ISMS A14 (Build or buy) Auditor
Pay attention to
• Supplier policies
• Vendor relations
• Vendor contracts
Evidence
• Vendor negotiations
• Vendor contracts
• Vendor audits
• 3rd party audit reports
• Vendor tracking/invoicing
• Vendor management updates
PIMS 6.12 / ISMS A15 (Supplier) Auditor
Pay attention to
• Incident management policy
• Incident register
• Data breach register
• Data breach notifications
Evidence
• Policy meta data (owner, updates, …)
• Incident management procedure
• Data breach reporting
• DPA communications, …
PIMS 6.13 / ISMS A16 (Incident) Auditor
Pay attention to
• Maintaining data protection & privacy during disaster
• BCM vs DRP
Evidence
• BCM planning
• DRP plan
• Test plans
• Exercises
• Awareness, training & communication
PIMS 6.14 / ISMS A17 (BCM) Auditor
Pay attention to
• Legislation
• Contract obligations
• Company responsibility (protect yourself)
• Subject rights
Evidence
• Anything we discussed today…
PIMS 6.15 / ISMS A18 (Compliance) General
And last but not least…
Never done
PDCA… Continous improvement
Start over again…
See you at the next cycle…
Q & A
Questions & answers
Appendix
Ramping up…
Relevant PECB Training courses
Check the PECB agenda, select the ISO/IEC 27701 Lead
Implementer
https://pecb.com/en/partnerEvent/event_schedule_list
Training Events
For full detailed information about an event click on the ‘View’ button on the right hand
side under ‘View full details’.
Note: Before applying for any training courses listed below, please make sure you are
registered to PECB
Training Agenda
Relevant Training
PECB ISO 27701 Foundation
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-
27701/iso-iec-27701-foundation
PECB ISO 27701 Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-
27701/iso-iec-27701-lead-implementer
PECB ISO 27701 Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-
27701/iso-iec-27701-lead-auditor
Relevant Training
PECB ISO 27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-
27001/iso-iec-27001-lead-implementer
Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-
27001/iso-iec-27001-lead-auditor
Relevant Training
PECB ISO 27002
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
Lead Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-
27002/iso-iec-27002-lead-manager
Relevant Training
PECB GDPR
https://pecb.com/en/education-and-certification-for-individuals/gdpr
CDPO
https://pecb.com/en/education-and-certification-for-individuals/gdpr/certified-
data-protection-officer
Relevant Training
PECB ISO29100
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-
privacy-implementer
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-
privacy-implementer/iso-29100-lead-privacy-implementer
Relevant Training
PECB ISO27035 - Incident Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
Lead Incident Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
/iso-iec-27035-lead-incident-manager
Relevant Training
PECB ISO27005 - Risk Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
Lead Risk Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
/iso-27005-lead-risk-manager
ISO/IEC 27701
Training Courses
• ISO/IEC 27701 Foundation
2 Day Course
• ISO/IEC 27701 Lead Implementer
5Days Course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-
27701
www.pecb.com/events
THANK YOU
?
info@cyberminute.com CyberMinute
Stefan Mathuvisstefan@qma.be

More Related Content

What's hot

ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyControlCase
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListSriramITISConsultant
 
ISO 27001 Certification - The Benefits and Challenges
ISO 27001 Certification - The Benefits and ChallengesISO 27001 Certification - The Benefits and Challenges
ISO 27001 Certification - The Benefits and ChallengesCertification Europe
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001PECB
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementationRalf Braga
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 

What's hot (20)

ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_List
 
ISO 27001 Certification - The Benefits and Challenges
ISO 27001 Certification - The Benefits and ChallengesISO 27001 Certification - The Benefits and Challenges
ISO 27001 Certification - The Benefits and Challenges
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
ISO 27701
ISO 27701ISO 27701
ISO 27701
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
 

Similar to Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation

ISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access PassISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access PassA-lign
 
ISO Auditing: What Is It and Why Should You Consider It?
ISO Auditing: What Is It and Why Should You Consider It?ISO Auditing: What Is It and Why Should You Consider It?
ISO Auditing: What Is It and Why Should You Consider It?Triumvirate Environmental
 
ISO 27001-Manage IT Risks and Build Customer Confidence
ISO 27001-Manage IT Risks and Build Customer ConfidenceISO 27001-Manage IT Risks and Build Customer Confidence
ISO 27001-Manage IT Risks and Build Customer ConfidenceAl Abbas, PMP, CISSP, MBA, MSc
 
ISO 90012008 Understanding and Internal Auditing.ppt
ISO 90012008 Understanding and Internal Auditing.pptISO 90012008 Understanding and Internal Auditing.ppt
ISO 90012008 Understanding and Internal Auditing.pptFirozKhan158275
 
The Basics of ISO Certification
The Basics of ISO CertificationThe Basics of ISO Certification
The Basics of ISO CertificationDozuki Software
 
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...IEVISION IT SERVICES Pvt. Ltd
 
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...PECB
 
Why iso 27001_awareness_presentation_en
Why iso 27001_awareness_presentation_enWhy iso 27001_awareness_presentation_en
Why iso 27001_awareness_presentation_enSelby Wilson
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
PECB Webinar: ISO Internal Audits - A signpost to ISO compliance
PECB Webinar: ISO Internal Audits - A signpost to ISO compliancePECB Webinar: ISO Internal Audits - A signpost to ISO compliance
PECB Webinar: ISO Internal Audits - A signpost to ISO compliancePECB
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicNCCOMMS
 
ISO_9001_Mangement_Briefing.pptx
ISO_9001_Mangement_Briefing.pptxISO_9001_Mangement_Briefing.pptx
ISO_9001_Mangement_Briefing.pptxukavathekar
 
Certification Body Approach to ISO 9001:2015 by NQA
Certification Body Approach to ISO 9001:2015 by NQACertification Body Approach to ISO 9001:2015 by NQA
Certification Body Approach to ISO 9001:2015 by NQANQA
 

Similar to Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation (20)

ISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access PassISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access Pass
 
ISO Auditing: What Is It and Why Should You Consider It?
ISO Auditing: What Is It and Why Should You Consider It?ISO Auditing: What Is It and Why Should You Consider It?
ISO Auditing: What Is It and Why Should You Consider It?
 
ISO 27001-Manage IT Risks and Build Customer Confidence
ISO 27001-Manage IT Risks and Build Customer ConfidenceISO 27001-Manage IT Risks and Build Customer Confidence
ISO 27001-Manage IT Risks and Build Customer Confidence
 
ISO 90012008 Understanding and Internal Auditing.ppt
ISO 90012008 Understanding and Internal Auditing.pptISO 90012008 Understanding and Internal Auditing.ppt
ISO 90012008 Understanding and Internal Auditing.ppt
 
The Basics of ISO Certification
The Basics of ISO CertificationThe Basics of ISO Certification
The Basics of ISO Certification
 
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
 
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
 
Iso 27001 lead implementer
Iso 27001 lead implementerIso 27001 lead implementer
Iso 27001 lead implementer
 
Iso 27001 lead implementer in al ahmadi
Iso 27001 lead implementer in al ahmadiIso 27001 lead implementer in al ahmadi
Iso 27001 lead implementer in al ahmadi
 
Iso 27001 lead implementer training in kuwaitcity
Iso 27001 lead implementer training in kuwaitcityIso 27001 lead implementer training in kuwaitcity
Iso 27001 lead implementer training in kuwaitcity
 
Damco iso 27001
Damco iso   27001Damco iso   27001
Damco iso 27001
 
Iso 27001 lead auditor
Iso 27001 lead auditorIso 27001 lead auditor
Iso 27001 lead auditor
 
Why iso 27001_awareness_presentation_en
Why iso 27001_awareness_presentation_enWhy iso 27001_awareness_presentation_en
Why iso 27001_awareness_presentation_en
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
 
PECB Webinar: ISO Internal Audits - A signpost to ISO compliance
PECB Webinar: ISO Internal Audits - A signpost to ISO compliancePECB Webinar: ISO Internal Audits - A signpost to ISO compliance
PECB Webinar: ISO Internal Audits - A signpost to ISO compliance
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav Lulic
 
ISO_9001_Mangement_Briefing.pptx
ISO_9001_Mangement_Briefing.pptxISO_9001_Mangement_Briefing.pptx
ISO_9001_Mangement_Briefing.pptx
 
Damco iso 27001
Damco iso   27001Damco iso   27001
Damco iso 27001
 
Damco iso 27001
Damco iso   27001Damco iso   27001
Damco iso 27001
 
Certification Body Approach to ISO 9001:2015 by NQA
Certification Body Approach to ISO 9001:2015 by NQACertification Body Approach to ISO 9001:2015 by NQA
Certification Body Approach to ISO 9001:2015 by NQA
 

More from PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityPECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernancePECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyPECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationPECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsPECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptxPECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxPECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 

More from PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Recently uploaded

Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17Celine George
 
Basic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & EngineeringBasic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & EngineeringDenish Jangid
 
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfINU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfbu07226
 
The Benefits and Challenges of Open Educational Resources
The Benefits and Challenges of Open Educational ResourcesThe Benefits and Challenges of Open Educational Resources
The Benefits and Challenges of Open Educational Resourcesaileywriter
 
An Overview of the Odoo 17 Discuss App.pptx
An Overview of the Odoo 17 Discuss App.pptxAn Overview of the Odoo 17 Discuss App.pptx
An Overview of the Odoo 17 Discuss App.pptxCeline George
 
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdfDanh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdfQucHHunhnh
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleCeline George
 
Application of Matrices in real life. Presentation on application of matrices
Application of Matrices in real life. Presentation on application of matricesApplication of Matrices in real life. Presentation on application of matrices
Application of Matrices in real life. Presentation on application of matricesRased Khan
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPCeline George
 
IATP How-to Foreign Travel May 2024.pdff
IATP How-to Foreign Travel May 2024.pdffIATP How-to Foreign Travel May 2024.pdff
IATP How-to Foreign Travel May 2024.pdff17thcssbs2
 
Matatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptxMatatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptxJenilouCasareno
 
Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersPedroFerreira53928
 
[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online Presentation[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online PresentationGDSCYCCE
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasiemaillard
 
Open Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPointOpen Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPointELaRue0
 
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptxslides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptxCapitolTechU
 
Morse OER Some Benefits and Challenges.pptx
Morse OER Some Benefits and Challenges.pptxMorse OER Some Benefits and Challenges.pptx
Morse OER Some Benefits and Challenges.pptxjmorse8
 

Recently uploaded (20)

Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
 
Basic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & EngineeringBasic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
 
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfINU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
 
The Benefits and Challenges of Open Educational Resources
The Benefits and Challenges of Open Educational ResourcesThe Benefits and Challenges of Open Educational Resources
The Benefits and Challenges of Open Educational Resources
 
An Overview of the Odoo 17 Discuss App.pptx
An Overview of the Odoo 17 Discuss App.pptxAn Overview of the Odoo 17 Discuss App.pptx
An Overview of the Odoo 17 Discuss App.pptx
 
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdfDanh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
 
Application of Matrices in real life. Presentation on application of matrices
Application of Matrices in real life. Presentation on application of matricesApplication of Matrices in real life. Presentation on application of matrices
Application of Matrices in real life. Presentation on application of matrices
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
 
IATP How-to Foreign Travel May 2024.pdff
IATP How-to Foreign Travel May 2024.pdffIATP How-to Foreign Travel May 2024.pdff
IATP How-to Foreign Travel May 2024.pdff
 
Matatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptxMatatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptx
 
Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
 
[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online Presentation[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online Presentation
 
B.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdfB.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdf
 
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
Operations Management - Book1.p  - Dr. Abdulfatah A. SalemOperations Management - Book1.p  - Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Open Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPointOpen Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPoint
 
NCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdfNCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdf
 
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptxslides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
 
Morse OER Some Benefits and Challenges.pptx
Morse OER Some Benefits and Challenges.pptxMorse OER Some Benefits and Challenges.pptx
Morse OER Some Benefits and Challenges.pptx
 

Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation

  • 1.
  • 2. • Introduction • Before we start… • ISO27001 implementation vs audit • ISMS vs PIMS, in practice • The implementer view • The auditor view • Q & A Agenda
  • 4. Peter Geelen (CyberMinute) • 20+ years experience in security • Enterprise Security & IAM • Cybersecurity • Data Protection & Privacy • Incident management, Disaster Recovery • Trainer, coach, auditor • ISO27001 Master & Lead ISO27002 • ISO27701 Lead Impl. & Lead Auditor • Certified DPO & Fellow In Privacy • Lead Incident Mgr & Disaster Recovery • ISO27032 Sr. Lead Cybersecurity Mgr • Lead ISO27005 (Risk Mgmt) • Accredited ISO27001/9001 Lead auditor • Accredited Security Trainer My experience Certification Accreditation http://www.cyberminute.com https://ffwd2.me/pgeelen More info (LinkedIn): peter@cyberminute.com
  • 5. Stefan Mathuvis (QMA) • 20 years experience in security • Quality Management • Quality Auditor • Cybersecurity • Security, Data Protection & Privacy • Trainer, coach, auditor • ISO27001 Lead Auditor • ISO9001 Lead Auditor • Lead auditor ESD & GDP Pharma • Lead auditor GQS • CDPO • Master trainer DGQ • Accredited ISO27001 lead auditor • Accredited 9001 Lead auditor My experience Certification Accreditation http://www.qma.be https://ffwd2.me/stefan More info (LinkedIn): Stefan@qma.be
  • 7. • Quick Guide to ISO/IEC 27701-The Newest Privacy Information Standard • PECB: https://pecb.com/past-webinars/quick-guide-to-isoiec-27701-the-newest- privacy-information-standard • Recording: https://youtu.be/ilw4UmMSlU4 • Slideshare: https://www.slideshare.net/PECBCERTIFICATION/quick-guide-to- isoiec-27701-the-newest-privacy-information-standard • ISO/IEC 27701 vs GDPR - What you need to know • PECB: https://pecb.com/past-webinars/isoiec-27701-vs-gdpr-what-you-need-to- know • Recording: https://www.youtube.com/watch?v=P80So3ryvJ8 • Slideshare: https://www.slideshare.net/PECBCERTIFICATION/isoiec-27701-vs- gdpr-what-you-need-to-know For other webinars, see: https://pecb.com/en/webinars Recap: Previous sessions
  • 8. • Remember ISO27001 • ISMS, Information Security (Management System) • 10 Clauses • 114 controls • Based on PDCA Recap: ISO27001 structure
  • 9. Act Plan DoCheck ISO27001 main principle: PDCA Time Quality Improvement Quality Assurance Standard Quality Assurance StandardAct Plan DoCheck
  • 11. Source: PECB ISO27001 Lead Implementer PDCA in ISO27001 clause 6 Planning clause 9 Performance evaluation clause 10 Improvement clause 8 Operation Clause 4 Context of the organization Clause 7 Support Clause 5 Leadership Annex A - Control objectives and controls
  • 12. Extension to ISO27001 (ISMS) • Information security Management system • + Extension to privacy • + interpretation for GDPR = PIMS (Privacy Information Management system) ISO27701 (PIMS)
  • 13. Naming convention To avoid any confusion: • ISMS refers to ISO27001 • PIMS refers to ISO27701 (on top of ISO27001) For this session…
  • 14. ISMS implementation vs audit Opposite or complementary?
  • 15. Officially starts with external audit but…. • You can use the audit techniques during initial implementation • Implement pre-stage audit • Internal audit is needed (official requirement) • System must have sufficient track record before initial audit After initial audit • Yearly surveillance • 3 year cycle to renewal • Continuous maintenance (also for internal audit) • Continuous improvement The ISO audit lifecycle…
  • 16. Initial audit • “Get in control” • Passing the mark • Basic maturity (ref. CMMI … level 3) • Room for growth and maturity Surveillance audit (+ recertification) • “Stay in control” • Focus on improvement • Increasing maturity • Based on metrics and measurement… The ISO audit lifecycle…
  • 17. Starts long before the external audit • To use the audit techniques during initial • Pre-stage audit • Internal audit needed (official requirement) Doesn’t stop after initial external audit • Maintenance The implementation lifecycle…
  • 18. When starting in ISMS implementation • It takes time to adapt business processes to ISO approach • Focus on evidence.. • Not only documentation, • but also operational results that can be tracked • People that know how ISMS plugs in to their work Audit • Not just a check list, but focus on results • Based on evidence (double evidence) • Advisory function (but not consulting) Hints and tips
  • 19. ISMS to PIMS, in practice. Getting the mind shift right…
  • 20. When shifting from ISMS to PIMS • It’s no more about “enterprise only” data • It’s ALSO about “personal data’ • On top of it… Meaning, you’re in the lead with enterprise data, in ISMS. The subject is in the lead when handling personal data… in PIMS (Strong legislation giving power to subject.) Fundamental change in approach
  • 21. ISMS Fundamental change in mindset & environment ISMS ISMS PIMS
  • 22. The implementer/audit view of PIMS Recap from previous sessions.
  • 23. Auditor vs implementer • If you know how the audit works, you know better what to implement • Both in the right spirit • Results based, • not check list based • Growth mindset • Not perfect at first step • Better done than perfect • Think big, act small… Why is this important?
  • 24. • The audit cycle pushes the implementation of PDCA • Continuous improvement • Step by step • Have an independent / external view • Keep the helicopter view, with good relation between • Business • IT • DPO • Legal The auditor view helps to…
  • 25. • Include audit considerations from the start • Involve audit throughout the project • Internal audit vs external audit • External audit • mostly end stage (before you restart the cycle) • Certification target • Internal audit • Separate department • Why not cross check? (cross-department) • External auditor (but still under authority of data controller) Some practical hints
  • 26. • Look at the external auditor as advisor • Not a checklist dummy • [NOT consultant ;) ] • Find the right auditor for you, YOU choose • Experience, expertise • Right mindset (continuous improvement) • Focus on getting results • CMMI: 1… 2… 3… 4… 5… Some practical hints
  • 27. Recap: ISO27701 mapping to ISO27001 4.3 ISO27001 requirements (ISO27701 Clause 5) ISO27701 Topic ISO27001 Remark 5.2 Context of organisation 4 Changed 5.3 Leadership 5 Direct 5.4 Planning 6 Changed 5.5 Support 7 Direct 5.6 Operation 8 Direct 5.7 Performance evaluation 9 Direct 5.8 Improvement 10 Direct
  • 28. Recap: ISO27701 mapping to ISO27001 4.3 ISO27002 requirements (ISO27701 Clause 6) ISO27701 Topic ISO27002 Remark 6.2 Policies 5 Changed 6.3 Organisation 6 Changed 6.4 HR 7 Changed 6.5 Asset Management 8 Changed 6.6 Access Control 9 Changed 6.7 Cryptography 10 Changed 6.8 Physical and environment 11 Changed
  • 29. Recap: ISO27701 mapping to ISO27001 4.3 ISO27002 requirements (ISO27701 Clause 6) ISO27701 Topic ISO27002 Remark 6.9 Operations 12 Changed 6.10 Communications 13 Changed 6.11 Acquisition, Dev & mainten. 14 Changed 6.12 Suppliers 15 Changed 6.13 Incident Mgmt 16 Changed 6.14 Business Continuity 17 Direct 6.15 Compliance 18 Changed
  • 30. The implementer view of ISO27701 Quick tour: special attention
  • 31. Interested parties • ISMS: Mainly enterprise, contractual, customers, … bit of employee • PIMS: strong focus on subject data, in any type Different approach • High impact regulation • Worldwide • Very powerful individual • Define goal, vision, mission & strategy • Documentation! PIMS 5.2 / ISMS 4 (Context) Implementer
  • 32. Interested parties • ISMS: vision, commitment, policy, RACI, • PIMS: accountability (ref. GDPR) Make sure to • Organize regular management meetings • Plan agenda, take notes, … • Register Decisions taken • Plan Communication, incl. all interested parties (incl. external) • Make sure mgmt. takes responsibility. • Make them accountable, … PIMS 5.3 / ISMS 5 (Leadership) Implementer
  • 33. EXTREMELY IMPORTANT • ISMS: risk management is CORE requirement • PIMS: PIA, DPIA (GDPR) You must • Have a risk register • Setup Risk management system (not the software, but the process) • Maintain risk management HINT: how to assess risk in EXISTING environment? (New processes, update of existing processes and regular basis) PIMS 5.4 / ISMS 6 (Planning) Implementer
  • 34. ISMS = PIMS, you must have • resources • Competence • Awareness, communication & education • Documentation You need • Budget • People • Time PIMS 5.5 / ISMS 7 (Support) Implementer
  • 35. PIMS 5.6/5.7/5.8 = ISMS 8/9/10 • Operations • Performance • Improvement You need • Operations: Info security / Data protection / Privacy in your DNA • Performance: plan for metrics and measure (CMMI 4) • Improvement: CONTINUOUSLY Other clauses Implementer
  • 36. Policies • ISMS ISO27002 (114 controls + …) • PIMS ISO27002 + ISO27701 • ISMS prefix “A” = ISO27002 • Measures • Controls • For security we need PPT = people, process & technology PIMS 6 / ISMS Annex
  • 37. Policies • ISMS ISO27002 (114 controls + …) • PIMS ISO27002 + ISO27002 ;.. Tasks • Setup policies / documentation • Approve policies • Execute policies • Update policies on a regular basis PIMS 6.2 / ISMS A5 Implementer
  • 38. ISMS PIMS Serving Management Team idem Enterprise Risk Management Team idem Enterprise Info Sec team idem Enterprise IT operations team idem Enterprise Business idem Enterprise Legal support idem Enterprise / DPO or similar Subject PIMS 6.3 / ISMS A6 (IS Org.) Implementer
  • 39. Info • PIMS: privacy & data protection in • contracting • awareness. Special attention to • Reference of data protection in contracting • People are lazy (maintain awareness) • Training IMPORTANT: everyone must be onboard to protect personal data! PIMS 6.4 / ISMS A7 (HR) General
  • 40. Make sure to implement • Asset inventory / CMDB • Not only HW • Also processes • People & knowledge Special attention to • Classification PIMS 6.5 / ISMS A8 (Asset Mgmt) Implementer
  • 41. ISMS labels categ. PIMS lables Serving 0 - Public Non PII/GDPR Enterprise 1 – Internal Enterprise 2 - Strict internal Enterprise 3 - Critical Enterprise (4 – Secret) Enterprise PII Subject Sensitive PII Subject PIMS 6.5 / ISMS A8 (Asset Mgmt) Implementer
  • 42. Must have • Access control policy • User (de)registration Special attention to • PIMS: identity management • PIMS EXPLICIT: • DO NOT RE-USE user IDs PIMS 6.6 / ISMS A9 (Access ctrl.) Implementer
  • 43. Contains • Crypto policy • Special attention to PII treatment Special attention to • Subject information about crypto in • Website, HR, registration systems, storage, backup, … • Disposal of data ! • Evolution of technology in crypto! PIMS 6.7 / ISMS A10 (Crypto) General
  • 44. Must have • Physical security • Security perimeters • Layered security Special attention to • Core protection, starts with physical • Layered security like • Street, outside, perimeter, • public zone, internal zone, restricted zone, high protection core, … • Define : “who can do what and where (and when)” PIMS 6.8 / ISMS A11 (Physicl Sec.) Implementer
  • 45. Special attention to (See previous sessions on PIMS) • Backup • Event logging • Log protection PIMS 6.9 / ISMS A12 (Operations) Implementer Do what you say, say what you do, … … and prove it
  • 46. Make sure to have • Information transfer policy • Vendor / 3rd party / Data processor policy Special attention to • Vendor/processor • Confidentiality • NDA • Incident reporting & feedback PIMS 6.10 / ISMS A13 (Comm.) General
  • 47. Contains • Development policies • SW acquisition requirements Special attention to • Own responsibility • Vendor/processor responsibility • Sec/DP/Privacy by design • Sec/DP/privacy by default PIMS explicit: no PII for testing purposes! PIMS 6.11 / ISMS A14 (Build or buy) Implement
  • 48. Important • Compensate for lack of physical control • Legal control • PIMS : High risk! Special attention to • Policy • Contracts • Expert legal support • Right to audit! PIMS 6.12 / ISMS A15 (Supplier) Implementer
  • 49. Important • Incident register • Incident = failure of system (opportunity for improvement) • PIMS : High risk for data breaches! Special attention to • Policy • Tracking & improvement • Escalation tracks • Exercise, exercise! PIMS 6.13 / ISMS A16 (Incident) Implementer
  • 50. Important • Maintaining data protection & privacy during disaster • BCM vs DRP Special attention to • Exercise • Testing • Vendors PIMS 6.14 / ISMS A17 (BCM) Implementer
  • 51. Pay attention to • Legislation • Contract obligations • Company responsibility (protect yourself) • Subject rights Evidence • Anything we discussed today… PIMS 6.15 / ISMS A18 (Compliance) General
  • 52. The audit view of ISO27701 Focus on evidence
  • 53. Interested parties • ISMS: documentation on business model, mission, vision, … • PIMS: ISMS documentation, privacy notices, .. Type of community What evidence to find? • Mission/Vision • Community • Business model, processes, type of data • Talking to business & customer dept. PIMS 5.2 / ISMS 4 (Context) Auditor
  • 54. Interested parties • ISMS: documentation on business model, mission, vision, … • PIMS: ISMS documentation, privacy notices, .. Type of community How to audit? • Management meetings, agenda, notes, … • Decisions taken • Communication • Approvals & signature of policies, … PIMS 5.3 / ISMS 5 (Leadership) Auditor
  • 55. Look for • ISMS = Risk management • PIMS = Risk management + PIA/DPIA Evidence • Risk sources: incident register, incident reporting, • Track solution of incident • Data breach reporting (confirmed incidents) • Risk register (setup, up to date, ownership, RACI, …) PIMS 5.4 / ISMS 6 (Planning) Auditor
  • 56. ISMS = PIMS • Check for management support • Check for education plan • Check for awareness Evidence • Interview • Management planning • Education, awareness & communication PIMS 5.5 / ISMS 7 (Support) Auditor
  • 57. PIMS 5.6/5.7/5.8 = ISMS 8/9/10 • Operations • Performance • Improvement Evidence • Operations: processed, procedures, … on the floor • Performance: Find the metrics • Improvement: internal audit, new projects, updates, … Other clauses Auditor
  • 58. To check • Policies • SOA Evidence • Setup policies / documentation • Approval of policies • Execution policies • Updates PIMS 6.2 / ISMS A5 Auditor
  • 59. Check for • organigram • Company organisation • RACI • Segregation of duties Evidence • Roles & responsibilities description • Function description incl. ISMS/PIMS tasks • People IN/OUT PIMS 6.3 / ISMS A6 Auditor
  • 60. Info • PIMS: privacy & data protection in • contracting • awareness. Special attention to • Reference of data protection in contracting • People are laze (maintain awareness) • Training IMPORTANT: everyone must be onboard to protect personal data! PIMS 6.4 / ISMS A7 (HR) General
  • 61. Pay attention to • HR IN/OUT vs. IT IN/OUT Evidence • HR • IT security • Privileged account management • General accounts • In/out events • Regular reviews (x times /yr) PIMS 6.6 / ISMS A9 (Access ctrl.) Auditor
  • 62. Contains • Crypto policy • Special attention to PII treatment Special attention to • Subject information about crypto in • Website, HR, registration systems, storage, backup, … • Disposal of data ! PIMS 6.7 / ISMS A10 (Crypto) General
  • 63. Pay attention to • Building • Locations • Entry, • Zones • Equipment, cabling, • 3rd party (!) Evidence • On site visit PIMS 6.8 / ISMS A11 (Physical) Auditor
  • 64. Pay attention to • Tracing of ISMS/PIMS on the floor • People Evidence • Logs • Processes & procedures • Time stamps • Ownership • Meeting minutes • Documentation • …. PIMS 6.9 / ISMS A12 (Operations) Auditor
  • 65. Make sure to have • Information transfer policy • Vendor / 3rd party / Data processor policy Special attention to • Vendor/processor • Confidentiality • NDA • Incident reporting & feedback PIMS 6.10 / ISMS A13 (Communic.) General
  • 66. Pay attention to • PIMS Annex A.7.4 (controller) • PIMS Annex B.8.4 (processor) Evidence • Agreements • Acquisition procedures • Development policies & processes PIMS 6.11 / ISMS A14 (Build or buy) Auditor
  • 67. Pay attention to • Supplier policies • Vendor relations • Vendor contracts Evidence • Vendor negotiations • Vendor contracts • Vendor audits • 3rd party audit reports • Vendor tracking/invoicing • Vendor management updates PIMS 6.12 / ISMS A15 (Supplier) Auditor
  • 68. Pay attention to • Incident management policy • Incident register • Data breach register • Data breach notifications Evidence • Policy meta data (owner, updates, …) • Incident management procedure • Data breach reporting • DPA communications, … PIMS 6.13 / ISMS A16 (Incident) Auditor
  • 69. Pay attention to • Maintaining data protection & privacy during disaster • BCM vs DRP Evidence • BCM planning • DRP plan • Test plans • Exercises • Awareness, training & communication PIMS 6.14 / ISMS A17 (BCM) Auditor
  • 70. Pay attention to • Legislation • Contract obligations • Company responsibility (protect yourself) • Subject rights Evidence • Anything we discussed today… PIMS 6.15 / ISMS A18 (Compliance) General
  • 71. And last but not least… Never done
  • 72. PDCA… Continous improvement Start over again… See you at the next cycle…
  • 73. Q & A Questions & answers
  • 75. Ramping up… Relevant PECB Training courses
  • 76. Check the PECB agenda, select the ISO/IEC 27701 Lead Implementer https://pecb.com/en/partnerEvent/event_schedule_list Training Events For full detailed information about an event click on the ‘View’ button on the right hand side under ‘View full details’. Note: Before applying for any training courses listed below, please make sure you are registered to PECB Training Agenda
  • 77. Relevant Training PECB ISO 27701 Foundation https://pecb.com/en/education-and-certification-for-individuals/iso-iec- 27701/iso-iec-27701-foundation PECB ISO 27701 Lead Implementer https://pecb.com/en/education-and-certification-for-individuals/iso-iec- 27701/iso-iec-27701-lead-implementer PECB ISO 27701 Lead Auditor https://pecb.com/en/education-and-certification-for-individuals/iso-iec- 27701/iso-iec-27701-lead-auditor
  • 78. Relevant Training PECB ISO 27001 https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 Lead Implementer https://pecb.com/en/education-and-certification-for-individuals/iso-iec- 27001/iso-iec-27001-lead-implementer Lead Auditor https://pecb.com/en/education-and-certification-for-individuals/iso-iec- 27001/iso-iec-27001-lead-auditor
  • 79. Relevant Training PECB ISO 27002 https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002 Lead Manager https://pecb.com/en/education-and-certification-for-individuals/iso-iec- 27002/iso-iec-27002-lead-manager
  • 81. Relevant Training PECB ISO29100 https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100- privacy-implementer Lead Implementer https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100- privacy-implementer/iso-29100-lead-privacy-implementer
  • 82. Relevant Training PECB ISO27035 - Incident Management https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035 Lead Incident Manager https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035 /iso-iec-27035-lead-incident-manager
  • 83. Relevant Training PECB ISO27005 - Risk Management https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005 Lead Risk Manager https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005 /iso-27005-lead-risk-manager
  • 84. ISO/IEC 27701 Training Courses • ISO/IEC 27701 Foundation 2 Day Course • ISO/IEC 27701 Lead Implementer 5Days Course Exam and certification fees are included in the training price. https://pecb.com/en/education-and-certification-for-individuals/iso- 27701 www.pecb.com/events
  • 85.