09 Sep 2019
Session Block—Standards and Applications 14:00 - 14:20

The pending ISO/IEC 27701 Privacy Information Management System (PIMS) standard is built upon the existing ISO/IEC 27001 Information Security Management System (ISMS) standard to establish a universal privacy control set for controllers and processors. The primary applications of the new standard are to help controllers and processors reconcile applicable regulatory requirements into their internal controls and to validate compliance of controls between business partners such as co-controllers, processors, and sub-processors. The standard contains an annex providing a mapping between the GDPR and ISO/IEC 27701 as an example of how the standard's controls correspond to the European regulation. While this example is highly relevant to the state of privacy regulation, the EU is not the only jurisdiction with applicable privacy regulation.


To that end, the presenter proposes that additional mappings of privacy regulations against ISO/IEC 27701 would be beneficial to the privacy community. The presenter has prepared several such mappings, covering regulations from Australia, Brazil, California, Canada, Hong Kong, Singapore, South Korea, and Turkey. The plan is to publish these mappings as open source to enable validation of existing mappings, addition of new mappings, and general consumption by the privacy community. The presenter will present the mapping project to the community ahead of launching it as open source.


The presenter will also showcase a data visualization tool designed to help users make sense of the relationships between these regulations and ISO/IEC 27701. The data visualization tool is likewise intended for open source release.

Director, Certification Policy