
Expert Advice Community

GDPR and ISO 27001

Created:   Sep 01, 2020 Last commented:   Sep 01, 2020


I'm part of a team that is working to achieve ISO 27001 certification for a government datacenter (this is the scope of the current project).
I am interested to know what the common grounds (mapping) between ISO 27001 and GDPR would be for this project.
What areas do we have to focus on to ensure that we are compliant with both GDPR and ISO 27001? What documentation would be required by the certification examiners?
Thank you in advance.


Expert: Rhand Leal, Sep 01, 2020

I'm part of a team that is working to achieve ISO 27001 certification for a government datacenter (this is the scope of the current project).

1 - I am interested to know what the common grounds (mapping) between ISO 27001 and GDPR would be for this project.

Answer: There are many points where the ISO 27001 standard can help achieve compliance with GDPR. Here are just a few of the most relevant ones:
- Risk assessment (clause 6.1.2), to support the classification of information (control A.8.2.1)
- Compliance, through control A.18.1.1 (Identification of applicable legislation and contractual requirements) and control A.18.1.4 (Privacy and protection of personally identifiable information)
- Breach notification, through control A.16.1 (Management of information security incidents and improvements)
- Asset management, through controls from section A.8 (Asset management)
- Privacy by Design, through controls from section A.14 (System acquisitions, development, and maintenance)
- Supplier relationships, through control A.15.1 (Information security in supplier relationships)

For further information, see:
- What is EU GDPR and how can ISO 27001 help? https://info.advisera.com/27001academy/free-download/what-is-eu-gdpr-and-how-can-iso-27001-help
- Diagram of EU GDPR & ISO 27001 integrated implementation https://info.advisera.com/eugdpracademy/free-download/diagram-of-eu-gdpr-and-iso-27001-integrated-implementation

The ISO 27001 family of standards has a specific standard, ISO 27701, which is based on ISO 27001 and defines a Privacy Information Management System; one of its annexes presents a mapping between ISO 27001 and GDPR.

For further information, see:
- Relationship between ISO 27701, ISO 27001, and ISO 27002 https://advisera.com/27001academy/blog/2019/12/10/relationship-between-iso-27701-iso-27001-and-iso-27002/

2 - What areas do we have to focus on to ensure that we are compliant with both GDPR and ISO 27001? What documentation would be required by the certification examiners?
Thank you in advance.

Answer: First, it is important to note that certification is applicable only to ISO 27001. Certification auditors will look for GDPR-related documentation only if this regulation is identified as part of the ISMS scope.

Considering that, for ISO 27001 certification you need to cover clauses 4 to 10 and the controls from Annex A that are identified as applicable as a result of the risk assessment and of legal requirements. For a certification audit, the following article will show you the documents auditors will be looking for:
- Checklist of mandatory documentation required by ISO 27001:2013 (PDF) https://info.advisera.com/27001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-27001

Regarding GDPR, the following article will show you the mandatory documents:
- List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/

To see what documents compliant with ISO 27001 and GDPR look like, please take a look at the free demo of our EU GDPR & ISO 27001 Integrated Documentation Toolkit at this link: https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit/
