
Documentation in the ISO/IEC 27701 Standard

Cybernetics and Systems Analysis

Abstract

The author proposes a set of documents that an organization must develop and present when certifying its privacy information management system for compliance with the international standard ISO/IEC 27701:2019, “Security techniques. Extension to ISO/IEC 27001 and 27002 for privacy information management. Requirements and guidelines.”




Corresponding author

Correspondence to O. M. Fal’.

Additional information

Translated from Kibernetyka ta Systemnyi Analiz, No. 5, September–October, 2021, pp. 143–149.


Cite this article

Fal’, O.M. Documentation in the ISO/IEC 27701 Standard. Cybern Syst Anal 57, 796–802 (2021). https://doi.org/10.1007/s10559-021-00404-3
