Please note: This sample shows only a small part of the complete Enhanced Gap Assessment tool. This comprehensive gap assessment tool includes the exact text of the ISO/IEC 27701 Standard broken down by individual requirement within a user-friendly spreadsheet.
ISO/IEC 27701 Enhanced Gap Assessment Tool Privacy Information Management System Requirements
Terms used:
Note: Requirements are indicated within the ISO/IEC 27701 standard by the use of the word "shall" and by numbered lists, for example, a) to g).
PIMS: Privacy Information Management System
Columns: ISO27701 REQUIREMENTS | ACTION OWNER | REQS MET? | ACTION NEEDED TO MEET REQUIREMENTS
(In this sample the ACTION OWNER and ACTION NEEDED TO MEET REQUIREMENTS columns are left blank.)

5 PIMS-specific requirements related to ISO/IEC 27001

5.1 General
- The requirements of ISO/IEC 27001:2013 mentioning "information security" shall be extended to the protection of privacy as potentially affected by the processing of PII. [REQS MET?: Yes]
  NOTE: In practice, where "information security" is used in ISO/IEC 27001:2013, "information security and privacy" applies instead (see Annex F).
  Total requirements met: 1

5.2 Context of the organization
5.2.1 Understanding the organization and its context
- The organization shall determine its role as a PII controller (including as a joint PII controller) and/or a PII processor. [REQS MET?: Yes]
- The organization shall determine external and internal factors that are relevant to its context and that affect its ability to achieve the intended outcome(s) of its PIMS. [REQS MET?: Yes] For example, these can include:
  — applicable privacy legislation;
  — applicable regulations;
  — applicable judicial decisions;
  — applicable organizational context, governance, policies and procedures;
  — applicable administrative decisions;
  — applicable contractual requirements.
- Where the organization acts in both roles (e.g. a PII controller and a PII processor), separate roles shall be determined, each of which is the subject of a separate set of controls. [REQS MET?: Yes]
  NOTE: The role of the organization can be different for each instance of the processing of PII, since it depends on who determines the purposes and means of the processing.

Purchase online at www.certikit.com For any questions, please email sales@certikit.com
ISO/IEC 27701 Enhanced Gap Assessment Dashboard
To refresh chart data, click on "Refresh All" on the Data ribbon.
Gap assessment results

AREA OF STANDARD                                  REQS IN SECTION   NO OF REQS MET   PERCENTAGE CONFORMITY
5.1 General                                               1                1              100%
5.2 Context of the organization                           6                6              100%
5.3 Leadership (no requirements)                          0                0                0%
5.4 Planning                                              6                6              100%
5.5 Support (no requirements)                             0                0                0%
5.6 Operation (no requirements)                           0                0                0%
5.7 Performance evaluation (no requirements)              0                0                0%
5.8 Improvement (no requirements)                         0                0                0%
7.2 Conditions for collection and processing              8                8              100%
7.3 Obligations to PII principals                        10               10              100%
7.4 Privacy by design and privacy by default              9                9              100%
7.5 PII sharing, transfer, and disclosure                 4                4              100%
8.2 Conditions for collection and processing              6                6              100%
8.3 Obligations to PII principals                         1                1              100%
8.4 Privacy by design and privacy by default              3                3              100%
8.5 PII sharing, transfer, and disclosure                 8                8              100%
Total                                                    62               62              100%

[Radar chart: "Percentage level of conformity to the ISO/IEC 27701 standard", one axis per area of the standard, scale 0% to 100%]
[Bar chart: "Level of conformity to the ISO/IEC 27701 standard", REQS IN SECTION and NO OF REQS MET per area of the standard, scale 0 to 10]