ISO/IEC 27701 (49 requirements)
ISO/IEC 27701:2019 Clause 5.2.1 · ISO/IEC 27701:2019 Clause 5.2.2 · ISO/IEC 27701:2019 Clause 5.2.3 · ISO/IEC 27701:2019 Clause 5.2.4 · ISO/IEC 27701:2019 Clause 5.4.1.2 · ISO/IEC 27701:2019 Clause 5.4.1.3 · ISO/IEC 27701:2019 Clause 6.12.1.2 · ISO/IEC 27701:2019 Clause 6.13.1.1 · ISO/IEC 27701:2019 Clause 6.2.1.1 · ISO/IEC 27701:2019 Clause 6.3.1.1 · ISO/IEC 27701:2019 Clause 6.4.2.2 · ISO/IEC 27701:2019 Clause 6.5.2.1 · ISO/IEC 27701:2019 Clause 6.6.2.1 · ISO/IEC 27701:2019 Clause 7.2.1 / Annex A.7.2.1 · ISO/IEC 27701:2019 Clause 7.2.2 / Annex A.7.2.2 · ISO/IEC 27701:2019 Clause 7.2.3 / Annex A.7.2.3 · ISO/IEC 27701:2019 Clause 7.2.4 / Annex A.7.2.4 · ISO/IEC 27701:2019 Clause 7.2.5 / Annex A.7.2.5 · ISO/IEC 27701:2019 Clause 7.2.6 / Annex A.7.2.6 · ISO/IEC 27701:2019 Clause 7.2.7 / Annex A.7.2.7 · ISO/IEC 27701:2019 Clause 7.2.8 / Annex A.7.2.8 · ISO/IEC 27701:2019 Clause 7.3.1 / Annex A.7.3.1 · ISO/IEC 27701:2019 Clause 7.3.10 / Annex A.7.3.10 · ISO/IEC 27701:2019 Clause 7.3.2 / Annex A.7.3.2 · ISO/IEC 27701:2019 Clause 7.3.3 / Annex A.7.3.3 · ISO/IEC 27701:2019 Clause 7.3.4 / Annex A.7.3.4 · ISO/IEC 27701:2019 Clause 7.3.5 / Annex A.7.3.5 · ISO/IEC 27701:2019 Clause 7.3.6 / Annex A.7.3.6 · ISO/IEC 27701:2019 Clause 7.3.7 / Annex A.7.3.7 · ISO/IEC 27701:2019 Clause 7.3.8 / Annex A.7.3.8 · ISO/IEC 27701:2019 Clause 7.3.9 / Annex A.7.3.9 · ISO/IEC 27701:2019 Clause 7.4.1 / Annex A.7.4.1 · ISO/IEC 27701:2019 Clause 7.4.2 / Annex A.7.4.2 · ISO/IEC 27701:2019 Clause 7.4.3 / Annex A.7.4.3 · ISO/IEC 27701:2019 Clause 7.4.4 / Annex A.7.4.4 · ISO/IEC 27701:2019 Clause 7.4.5 / Annex A.7.4.5 · ISO/IEC 27701:2019 Clause 7.5.1 / Annex A.7.5.1 · ISO/IEC 27701:2019 Clause 7.5.2 / Annex A.7.5.2 · ISO/IEC 27701:2019 Clause 8.2.1 / Annex B.8.2.1 · ISO/IEC 27701:2019 Clause 8.2.2 / Annex B.8.2.2 · ISO/IEC 27701:2019 Clause 8.2.5 / Annex B.8.2.5 · ISO/IEC 27701:2019 Clause 8.3.1 / Annex B.8.3.1 · ISO/IEC 27701:2019 Clause 8.4.1 / Annex B.8.4.1 · ISO/IEC 27701:2019 Clause 8.4.2 / Annex B.8.4.2 · ISO/IEC 27701:2019 Clause 8.5.1 / Annex B.8.5.1 · ISO/IEC 27701:2019 Clause 8.5.2 / Annex B.8.5.2 · ISO/IEC 27701:2019 Clause 8.5.5 / Annex B.8.5.5 · ISO/IEC 27701:2019 Clause 8.5.7 / Annex B.8.5.7 · ISO/IEC 27701:2019 Clause 8.5.8 / Annex B.8.5.8
Requirements in this framework
- Access control for PII
- Access, correction and erasure
- Accuracy and quality
- Addressing security in supplier agreements for PII
- Automated decision making
- Basis for PII transfer between jurisdictions (processor)
- Change of sub-contractor to process PII
- Classification of PII
- Contracts with PII processors
- Countries and international organizations to which PII can be transferred
- Country or region of PII processing
- Customer agreement
- Customer obligations
- Determine when and how consent is to be obtained
- Determining and fulfilling obligations to PII principals
- Determining information for PII principals
- Determining the scope of the PIMS
- Disclosure of sub-contractors used to process PII
- Engagement of a sub-contractor to process PII
- Handling requests
- Identify and document purpose
- Identify basis for PII transfer between jurisdictions
- Identify lawful basis
- Information security policies for PII protection
- Information security roles and responsibilities for PII
- Joint PII controller
- Limit collection
- Limit processing
- Obligations to PII principals (processor)
- Obtain and record consent
- Organization's purposes
- PII controllers' obligations to inform third parties
- PII de-identification and deletion at end of processing
- PII minimization objectives
- Privacy awareness, education and training
- Privacy impact assessment
- Privacy information management system
- Privacy risk assessment
- Privacy risk treatment
- Providing copy of PII processed
- Providing information to PII principals
- Providing mechanism to modify or withdraw consent
- Providing mechanism to object to PII processing
- Records related to processing PII
- Responsibilities and procedures for PII breaches
- Return, transfer or disposal of PII (processor)
- Temporary files (processor)
- Understanding the needs and expectations of interested parties
- Understanding the organization and its context