ISO/IEC 27701 Toolkit Version 1

AREA
    DOC REF           DOCUMENT

00. Implementation resources
    None              CERTIKIT - Toolkit Completion Instructions
    None              CERTIKIT - ISO27701 Implementation Guide
    None              CERTIKIT - ISO27701 Toolkit Index
    None              CERTIKIT - Standard Licence Terms
    PIMS-DOC-00-1     ISO27701 Project Initiation Document
    PIMS-DOC-00-2     ISO27701 Project Plan (Microsoft Project)
    PIMS-DOC-00-3     ISO27701 Project Plan (Microsoft Excel)
    PIMS-DOC-00-4     ISO27701 Documentation Log
    PIMS-DOC-00-5     Privacy Introduction Presentation
    PIMS-DOC-00-6     Executive Support Letter
    PIMS-FORM-00-1    Assessment Evidence
    PIMS-FORM-00-2    Meeting Minutes
    PIMS-FORM-00-3    ISO27701 Gap Assessment Tool
    PIMS-FORM-00-4    ISO27701 Progress Report
    PIMS-FORM-00-5    Certification Readiness Checklist

01-04 Scope, refs, terms, general
    This folder is intentionally left blank

05. PIMS-specific requirements related to ISO-IEC 27001
    PIMS-DOC-05-1     PIMS Extensions to Existing ISMS
    PIMS-DOC-05-2     Risk Assessment and Treatment Process
    PIMS-DOC-05-3     Applicable Privacy Legislation
    PIMS-DOC-05-4     Privacy Awareness Presentation
    PIMS-FORM-05-1    ISO27001 and ISO27701 Statement of Applicability
    PIMS-FORM-05-2    Internal Audit Checklist

06-08. ISO27002 guidance
    This folder is intentionally left blank

09. ISO27701 Annex A controls for controllers

  A72 Conditions for collection and processing
    None              EXAMPLE Consent Request Form
    None              EXAMPLE Legitimate Interest Assessment Form
    None              EXAMPLE PII - Initial Questionnaire
    None              EXAMPLE PII Analysis Form
    None              EXAMPLE Privacy Impact Assessment
    PIMS-DOC-A72-1    PII Analysis Procedure
    PIMS-DOC-A72-2    Legitimate Interest Assessment Procedure
    PIMS-DOC-A72-3    PII Controller-Processor Agreement Policy
    PIMS-DOC-A72-4    PII Processor Assessment Procedure
    PIMS-DOC-A72-5    Letter to Processors
    PIMS-DOC-A72-6    Privacy Impact Assessment Process
    PIMS-DOC-A72-7    Privacy Impact Assessment Report
    PIMS-FORM-A72-1   Records of Processing Activities
    PIMS-FORM-A72-2   PII Analysis Form
    PIMS-FORM-A72-3   PIA Questionnaire
    PIMS-FORM-A72-4   PII - Initial Questionnaire
    PIMS-FORM-A72-5   Legitimate Interest Assessment Form
    PIMS-FORM-A72-6   Consent Request Form
    PIMS-FORM-A72-7   Contract Review Tool
    PIMS-FORM-A72-8   PII Processor Assessment
    PIMS-FORM-A72-9   Privacy Impact Assessment Tool

  A73 Obligations to PII principals
    None              EXAMPLE PII Principal Request Form
    None              EXAMPLE Privacy Notice - CCTV
    None              EXAMPLE Privacy Notice - Employment
    None              EXAMPLE Privacy Notice - Newsletter Signup
    None              EXAMPLE Privacy Notice - Online Purchase
    None              EXAMPLE Privacy Notice - Website Enquiry
    None              EXAMPLE Privacy Notice Planning Form - Other Source
    None              EXAMPLE Privacy Notice Planning Form - PII Principal
    None              EXAMPLE Website Privacy Policy
    PIMS-DOC-A73-1    Privacy Notice Procedure
    PIMS-DOC-A73-2    Website Privacy Policy
    PIMS-DOC-A73-3    CCTV Policy
    PIMS-DOC-A73-4    PII Principal Request Procedure
    PIMS-DOC-A73-5    PII Principal Request Register
    PIMS-FORM-A73-1   Privacy Notice Planning Form - PII Principal
    PIMS-FORM-A73-2   Privacy Notice Planning Form - Other Source
    PIMS-FORM-A73-3   PII Principal Request Form
    PIMS-FORM-A73-4   PII Principal Request Rejection
    PIMS-FORM-A73-5   PII Principal Request Charge
    PIMS-FORM-A73-6   PII Principal Request Time Extension

  A74 Privacy by design and privacy by default
    PIMS-DOC-A74-1    Records Retention and Protection Policy
    PIMS-DOC-A74-2    Privacy and Data Protection Policy

  A75 PII sharing transfer and disclosure
    None              EXAMPLE Records of PII Disclosures
    None              EXAMPLE Records of PII Transfers
    PIMS-DOC-A75-1    Procedure for International Transfers of PII
    PIMS-FORM-A75-1   Records of PII Disclosures
    PIMS-FORM-A75-2   Records of PII Transfers

10. ISO27701 Annex B controls for processors

  B82 Conditions for collection and processing
    PIMS-DOC-B82-1    PII Processor Policy
    PIMS-FORM-B82-1   Records of Processing Activities
    PIMS-FORM-B82-2   Processor Employee Confidentiality Agreement

  B83 Obligations to PII principals
    Requirements addressed in other folders

  B84 Privacy by design and by default
    PIMS-DOC-B84-1    Processor Security Controls

  B85 PII sharing transfer and disclosure
    PIMS-DOC-B85-1    Customer PII Transfer Policy
    PIMS-DOC-B85-2    PII Disclosure Procedure
    PIMS-FORM-B85-1   Records of Processor PII Transfers
    PIMS-FORM-B85-2   Records of Processor PII Disclosures
    PIMS-FORM-B85-3   Sub-Processor Agreement