SOC Type 2, GDPR and ISO 27001
Answer: We are not experts on SOC Type 2, but this information (from the official site of the American Institute of CPAs) about SOC 2 and ISO 27001 may be of interest to you: https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/othermapping/trust-services-map-to-iso-27001.xlsx
Regarding ISO 27001 and GDPR, ISO 27001 is a standard which focuses on the protection of information, and the EU GDPR is a regulation defining requirements for the protection of privacy, so ISO 27001 can be used as a basis to achieve compliance with approximately 50% of the EU GDPR.
These articles will provide you further explanation about ISO 27001 and GDPR:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- 9 steps for implementing GDPR https://advisera.com/articles/9-steps-for-implementing-gdpr/
- Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
2 - How to avoid duplicated effort.
Answer: To avoid duplicated effort you should first map the correlation between the requirements of these three documents, to identify which ones are similar, and only then plan the documents you have to create.
This material will provide you further explanation about ISO 27001 and GDPR:
- How to integrate GDPR with ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-gdpr-with-iso-27001-free-webinar-on-demand/
Jun 23, 2018