Abstract
The author proposes a set of documents that an organization may need to develop and demonstrate during certification of its privacy information management system (PIMS) in order to comply with the international standard ISO/IEC 27701:2019, "Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines."
Translated from Kibernetyka ta Systemnyi Analiz, No. 5, September–October, 2021, pp. 143–149.
Fal’, O.M. Documentation in the ISO/IEC 27701 Standard. Cybern Syst Anal 57, 796–802 (2021). https://doi.org/10.1007/s10559-021-00404-3