ISO 27701 2019 Standards - Privacy Information Management Systems (PIMS) - Awareness Course


ISO 27701 2019 standard specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS) in the form of an extension to ISO 27001 and ISO 27002 for privacy management within the context of the organization. ISO 27701 2019 standard specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing. ISO 27701 2019 standard is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, that are PII controllers and/or PII processors processing PII within an ISMS. The ISO 27701 2019 foundations course teaches you the process approach and the requirements and benefits of ISO 27701 2019. The essential objective of the ISO 27701 2019 foundations course is to create awareness among participants of the basic requirements of the ISO 27701 2019 standard and to impart working knowledge of how these requirements can be interpreted to suit the organization's processes, products, people and customers.
Who Should Attend?
- Anyone involved in the planning, implementing, maintaining, supervising or auditing of an ISO 27701 2019 privacy information management system
- Jobseekers interested in understanding the best privacy information management practices followed by organisations
- Anyone looking to gain skills and knowledge to improve their organisation’s privacy information management systems
Key Benefits
- Understand the structure of ISO 27701 2019 standard
- Learn importance and benefits of an ISO 27701 2019 privacy information management system
- Understand key requirements, terms and definitions of ISO 27701 2019
- Understand main concepts such as risk-based thinking, process approach and Plan-Do-Check-Act
- Prepare yourself to participate in ISO 27701 2019 standards implementation process
- Understand asset management practices to ensure information security
- Understand the requirements for access control, human resource security, cryptography, physical and environmental security, operations security, communications security and security in supplier relationships
- Understand the information security incident management techniques
- Understand the method of managing privacy information risks, its impact and drive continual improvement
- Understand the documents and records relevant to an ISO 27701 2019 privacy information management system, critical to the products and services delivered and those required to meet customer and regulatory requirements
- Fill gaps in your professional knowledge
Learning & Evaluation Method
This is a live and interactive course. Once you purchase the course, our team will contact you to plan the training. No matter where you are located, we schedule the classes based on your convenience and time zone. You can attend the training in 4-hour or 8-hour sessions, depending on how much time you can spend in a day.
Certification
An increasing number of organizations prefer candidates who have completed management system training from a recognized institution. Certification demonstrates your commitment to superior professionalism, upholding industry standards, and continued learning. These merits can help boost your professional credibility and prestige within your own network, in your organisation, with your current clients, and when pursuing new business opportunities. After successful completion of the course and final exam, you will be awarded a certificate of completion issued by QGlobal. Your credentials will be made available in the global online directory and can be verified by anyone searching with the certificate number. Our training courses are well recognized and sought after by organizations across various geographies.
Buy for Group
Are you planning to buy this course for a group? We have the best prices for you! Select the 'Buy for Group' option and add it to the cart. You will get a discount of 60 – 75% for a group of up to 10 participants. To make a group purchase, create your group name and add the individual email addresses of up to 10 participants. Each participant will get access to the course materials, exam and certificate. We will arrange one live-online session for the entire group.
Curriculum
1. Introduction to standards and certification
- Purpose of standardization
- Benefits of certification
2. Introduction to ISO 27701 standards
- Structure of this document
- Application of ISO/IEC 27001:2013 requirements
- Application of ISO/IEC 27002:2013 guidelines
- Customer
3. ISO 27701 Additional ISO/IEC 27002 guidance for PII processors
- General
- Conditions for collection and processing
- Customer agreement
- Organization’s purposes
- Marketing and advertising use
- Infringing instruction
- Customer obligations
- Records related to processing PII
- Obligations to PII principals
- Privacy by design and privacy by default
- Temporary files
- Return, transfer or disposal of PII
- PII transmission controls
- PII sharing, transfer, and disclosure
- Basis for PII transfer between jurisdictions
- Countries and international organizations to which PII can be transferred
- Records of PII disclosure to third parties
- Notification of PII disclosure requests
- Legally binding PII disclosures
- Disclosure of subcontractors used to process PII
- Engagement of a subcontractor to process PII
- Change of subcontractor to process PII
4. ISO 27701 Additional ISO/IEC 27002 guidance for PII controllers
- Conditions for collection and processing
- Identify and document purpose
- Identify lawful basis
- Determine when and how consent is to be obtained
- Obtain and record consent
- Privacy impact assessment
- Contracts with PII processors
- Joint PII controller
- Records related to processing PII
- Obligations to PII principals
- Determining and fulfilling obligations to PII principals
- Determining information for PII principals
- Providing information to PII principals
- Providing mechanism to modify or withdraw consent
- Providing mechanism to object to PII processing
- Access, correction and/or erasure
- PII controllers' obligations to inform third parties
- Providing copy of PII processed
- Handling requests
- Automated decision making
- Privacy by design and privacy by default
- Limit collection
- Limit processing
- Accuracy and quality
- PII minimization objectives
- PII de-identification and deletion at the end of processing
- Temporary files
- Retention
- Disposal
- PII transmission controls
- PII sharing, transfer, and disclosure
- Identify basis for PII transfer between jurisdictions
- Countries and international organizations to which PII can be transferred
- Records of transfer of PII
- Records of PII disclosure to third parties
5. ISO 27701 PIMS-specific guidance related to ISO/IEC 27002
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- Systems acquisition, development and maintenance
- Security requirements of information systems
- Information security incident management
- Compliance
6. ISO 27701 PIMS-specific requirements related to ISO/IEC 27001
- Context of the organization
- Understanding the organization and its context
- Understanding the needs and expectations of interested parties
- Determining the scope of the information security management system
- Information security management system
- Leadership
- Leadership and commitment
- Policy
- Organizational roles, responsibilities and authorities
- Planning
- Actions to address risks and opportunities
- Information security risk assessment
- Information security risk treatment
- Information security objectives and planning to achieve them
- Support
- Resources
- Competence
- Awareness
- Communication
- Documented information
- Creating and updating
- Control of documented information
- Operation
- Operational planning and control
- Information security risk assessment
- Information security risk treatment
- Performance evaluation
- Monitoring, measurement, analysis and evaluation
- Internal audit
- Management review
- Improvement
- Nonconformity and corrective action
- Continual improvement