ISO 27701:2019
Privacy Information Management System
- Certified organization to conduct Lead Auditor Training in ISO 31000 by LMS (accredited by the International Accreditation Service, a member of the International Accreditation Forum, www.iaf.nu)
- Licensed Training Partner with the Cyber Accreditation Board (www.cyberab.org), an initiative of the US Department of Defense
- Member organization of Quality Council of India (www.qcin.org)
- Licensed institute partner with CMMI Institute, Pittsburgh, USA (www.cmmiinstitute.com)
- Government e-Marketplace (GeM) approved organization (www.gem.gov.in)
- Approved trainer and examiner for GDPR by Accredia, the Italian accreditation body
Experiential Learning Objectives (Practice Based)
- Understand the operation of a Privacy Information Management System (PIMS) based on ISO 27701
- Relate ISO 27001, ISO 27002, ISO 29134 and the other standards in the ISMS family to each other and to applicable regulations
- Practise leading an audit and an audit team
- Interpret the requirements of ISO 27701 in the context of a PIMS audit
- Exercise auditor competencies as per ISO 19011: planning audits, conducting them and writing nonconformity (NC) reports
DAY 1 CONTENT
- About the course
- Standards, principles and definitions
- Overview
- Security techniques related to ISO 27701
- Specific requirements related to ISO 27001
- Specific guidance related to ISO 27002
- ISO 27002 guidance for PII controllers
- ISO 27002 guidance for PII processors
DAY 2 CONTENT
- Review of Day 1 learning
- General Data Protection Regulation (GDPR) and Indian legislation
- Planning the implementation of a PIMS
- Security techniques related to ISO 27701
- Context of the organization
- Leadership
- Planning
- Support
- Operation
- Performance evaluation
- Improvement
DAY 3 CONTENT
- Review of Day 2 learning
- Implementing a PIMS
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- Systems acquisition, development and maintenance
- Supplier and third party relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
DAY 4 CONTENT
- Review of Day 3 learning
- PIMS monitoring, continual improvement and preparation for the certification audit
- Conditions for collection and processing
- Obligations to PII principals
- Privacy by design and privacy by default
- PII sharing, transfer, and disclosure
- Annex A - PIMS-specific reference control objectives and controls (PII Controllers)
- Annex B - PIMS-specific reference control objectives and controls (PII Processors)
DAY 5 CONTENT
- Review of Day 4 learning
- Annex C - Mapping to ISO 29100
- Annex D - Mapping to the General Data Protection Regulation
- Annex E - Mapping to ISO 27018 and ISO 29151
- Privacy by design and privacy by default
- Annex F - How to apply ISO 27701 to ISO 27001 and ISO 27002
- Course Summary & Preparation for Examination
- Written Examination