A path between the ISO 27001 certification and the GDPR toolkit
Answer: In Article 32, the EU GDPR requires the implementation of security controls, so in our EU GDPR Toolkit we have included 11 documents from ISO 27001 that cover this requirement. Here they are:
- IT Security Policy (in the ISO 27001 toolkit this one is called the Acceptable Use Policy)
- Access Control Policy
- Security Procedures for IT Department (in the ISO 27001 toolkit this one is called the Operating Procedures for Information and Communication Technology)
- Bring Your Own Device (BYOD) Policy
- Mobile Device and Teleworking Policy
- Clear Desk and Clear Screen Policy
- Information Classification Policy
- Policy on the Use of Encryption (Article 32)
- Disaster Recovery Plan (Article 32)
- Internal Audit Procedure (Article 32)
- ISO 27001 Internal Audit Checklist
The point is, the implementation of these security controls is approximately 50% of the whole GDPR implementation, while the rest of the effort should be focused on privacy and legal issues.
These links will help you:
- Diagram of the EU GDPR implementation process https://advisera.com/eugdpracademy/free-downloads/
- EU GDPR Documentation Toolkit - you'll find a list of all documents on that page: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
Oct 31, 2017