Implementation and certification to the Information Security Management System under ISO 27001:2013 provides organizations with a consistent framework of risk management and governance and forms a foundation of sound information security practices. With stricter privacy requirements, both in the United States and internationally, adding the Privacy Information Management System under ISO 27701:2019 provides further adherence to privacy requirements and adds specific controls for data controllers and/or data processors. This standard requires ISO 27001 certification. The combination of these two standards provides an organization with ongoing compliance and sustainability amid evolving technologies and requirements. We'll present a review of each standard and a quick review of current privacy legislation, with case studies of organizations that reduced risk, increased efficiencies and boosted customer confidence.
Identify critical relationships between privacy and information security and how common controls can provide greater value in managing legal, regulatory and contractual requirements.
Learn a strategy to gain management and customer confidence by applying a standardized, systematic method for the protection of multiple types of information as a data custodian, data processor or data collector.
Analyze the current privacy and information security program within your organization to determine potential gaps and areas of improvement.