Leveraging ISO 27701 to Improve Data Privacy and Security Compliance
31 Aug 2020 | Leonard Kamau
This blog will discuss how UAE entities can leverage ISO 27701 alongside their existing information security management system to improve data privacy and strengthen compliance with the various security standards they operate under.
ISO 27701 is a new standard, published in August 2019, for information and data privacy. It describes a framework for "controllers" and "processors" of personally identifiable information (PII) to manage data privacy and enable regulatory compliance. Most UAE entities have implemented, or are in the process of implementing, the UAE IA standard as the management system for their information security. The UAE IA standard is primarily based on ISO 27001.
The UAE has two applicable data protection regulations, each specific to a Financial Services Free Zone: the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM). Both apply only to organisations operating in those two Free Zones. Case in point:
ISO 27701 serves as an extension to ISO 27001. It is one of several risk management standards that help assure that your organisation complies with the applicable PII regulations. The full benefit of this new standard is only realised once your organisation has implemented ISO 27001 or the UAE IA standard(s), because neither ISO 27001 nor the UAE IA standard independently fulfils the requirements of privacy; this is what makes the extension significant.
Below are the extension mappings and correlations that underscore how the two standards are linked together to achieve privacy.

| # | ISO/IEC 27001 (Information Security Management System) | ISO 27701 Privacy Information Management System (PIMS) |
|---|---|---|
| 1 | Information security | Information security and privacy |
| 2 | Information security management | Information security and privacy information management |
| 3 | Information security management system (ISMS) | Privacy information management system (PIMS) |
| 4 | Information security objective | Information security and privacy objectives |
| 5 | Information security performance | Information security and privacy performance |
| 6 | Information security requirements | Information security and privacy requirements |
| 7 | Information security risk | Information security and privacy risk |
| 8 | Information security risk assessment | Information security and privacy risk assessment |
| 9 | Information security risk treatment | Information security and privacy risk treatment |
In summary, integrating ISO 27701 creates a Privacy Information Management System (PIMS), thereby reducing the risk to the privacy rights of individuals. The UAE IA standard, which is the primary ISMS standard for most entities within the UAE, can be extended with ISO 27701 to enable the organisation to meet its privacy requirements.
To realise these significant advantages for your organisation, get in touch with our consultants at Digital14.com/protect, and we shall guide you in ensuring that your organisation is at the forefront of integrating its ISMS with a PIMS.