Cristian Vlad Lupa, rigcert.education

This course details the requirements of ISO/IEC 27701:2019, the latest standard published by ISO (the International Organization for Standardization) to define controls for an organization that processes Personally Identifiable Information (PII).

ISO/IEC 27701 is a privacy extension of ISO/IEC 27001 (the Information Security Management System standard). It can be used by any organization regardless of its location and size, and regardless of whether it acts as a PII (Personally Identifiable Information) controller, a PII processor or both.


Protecting privacy is a significant business concern. According to IBM, the average cost of a data breach is USD 3.6 million, and legal obligations are increasingly stringent. As we get more connected, governments all over the world are introducing privacy regulations such as the European Union's General Data Protection Regulation (GDPR). ISO/ For example, Microsoft was an active member of the committee that developed ISO/IEC 27701.

The course includes 5 sections:

- the first section is the introductory one, where we discuss general aspects, definitions, privacy principles, privacy actors, international standards for privacy and the relationship of ISO/IEC 27701:2019 with the GDPR;

- the second section covers the general management system requirements, including Context of the organization, Leadership, Planning, Support, Operation, Performance evaluation and Improvement;

- the third section discusses the 114 information security controls from ISO/IEC 27001, with their privacy additions where present. The following sets of controls are included: Information security and privacy policies, Organization of information security and privacy, Human resources security, Asset management, Access control, Cryptography, Physical and environmental security, Operations security, Communications security, Systems acquisition, development and maintenance, Supplier relationships, Incident management, Information security and privacy aspects of business continuity, and Compliance;

- the fourth section includes requirements and guidelines for organizations that act as PII controllers; and

- the fifth section covers requirements and guidelines for organizations that act as PII processors.

From this course you will get all the knowledge you need to understand what a Privacy Information Management System is.

You can use this information to:

- work as a privacy consultant;

- participate in management system audits;

- enhance an organization's information security management system to meet the additional requirements of ISO/IEC 27701;

- implement a Privacy Information Management System in a company;

... or you can simply gain a better understanding of the ISO approach to processing personally identifiable information.

This course gives you concise information that you can revisit at any time, since Udemy offers lifetime access. When you complete the training you will obtain a certificate of completion, which can be useful to demonstrate your competence.


What's inside

Learning objectives

  • The requirements of ISO/IEC 27701:2019
  • The relationship between ISO/IEC 27701 and ISO/IEC 27001
  • What a Privacy Information Management System (PIMS) is
  • A brief presentation of the information security controls in ISO/IEC 27001
  • The requirements for organizations acting as PII controllers and PII processors

Syllabus

General aspects about the standard and the concept of privacy, including what represents Personally Identifiable Information (PII), PII controllers and processors, relation with the GDPR

Traffic lights

Details the requirements of ISO/IEC 27701:2019, which is the latest standard for defining controls for organizations processing Personally Identifiable Information (PII)
Explores the relationship between ISO/IEC 27701 and ISO/IEC 27001, which allows learners to understand how privacy controls integrate with information security management
Covers requirements for organizations acting as PII controllers and processors, which is essential for compliance with privacy regulations like GDPR
Examines the information security controls from ISO/IEC 27001 with privacy additions, which helps learners understand how to enhance existing systems
Requires familiarity with ISO/IEC 27001, which may necessitate additional training for learners without prior experience in information security management systems
Focuses on the 2019 version of ISO/IEC 27701, so learners should verify that this version is current and applicable to their specific needs and jurisdiction


Reviews summary

Comprehensive ISO/IEC 27701 standard overview

According to learners, this course provides a solid and clear overview of the ISO/IEC 27701:2019 standard, detailing its requirements and its relationship with ISO/IEC 27001 and GDPR. Students find it highly relevant for professional application, particularly for those involved in PIMS implementation, auditing, or consulting. While the course is praised for being concise and easy to follow, some reviewers note that it primarily serves as an introductory guide rather than a deep dive into complex practical scenarios. Overall, it is considered a valuable starting point for understanding the standard.
Course is to the point and time efficient.
"The course is concise and covers the essential aspects without unnecessary filler."
"I was able to complete it quickly and get the core knowledge I needed."
"Good for getting a focused understanding of the standard efficiently."
Shows relationship to related standards/regs.
"The section on the relationship between ISO 27701 and GDPR was particularly helpful."
"Understanding how it builds on ISO 27001 was crucial, and the course explained this well."
"I appreciated the clear connections drawn between the standard and major regulations like GDPR."
Helpful for PIMS implementation/auditing.
"Highly relevant for anyone working with privacy information management systems or aiming for PIMS certification."
"This information is extremely useful for my job in compliance and data protection."
"As a consultant, this course gave me the necessary foundation to discuss ISO 27701 with clients."
Explains standard requirements clearly.
"This course gives a good overview of ISO 27701 and how it extends ISO 27001."
"The content is well-structured and easy to understand, perfect for grasping the basics of the standard."
"I found the explanations of the ISO/IEC 27701 requirements very clear and concise."
Provides an overview, not deep expertise.
"It's a good starting point, but if you need a deep practical understanding, you'll need more resources."
"The course is relatively high-level; I would have liked more detailed implementation examples."
"While it covers the requirements, it doesn't delve into complex scenarios or real-world challenges."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in ISO/IEC 27701:2019. Privacy Information Management System with these activities:
Review GDPR requirements
Reinforce your understanding of GDPR, as ISO/IEC 27701 builds upon its principles.
  • Review the key articles and principles of GDPR.
  • Identify areas where GDPR and ISO/IEC 27701 overlap.
Develop a data flow diagram
Visualize data flows within an organization to identify potential privacy risks and ensure compliance with ISO/IEC 27701.
  • Identify the key data flows within an organization.
  • Map the flow of PII through the organization.
  • Identify potential privacy risks at each stage of the data flow.
  • Develop controls to mitigate the identified risks.
Read 'Privacy Engineering'
Expand your understanding of privacy engineering principles, which are essential for implementing effective privacy controls.
  • Read the book, focusing on chapters related to data flow and privacy enhancing technologies.
  • Relate the concepts in the book to the controls outlined in ISO/IEC 27701.
Study 'The Privacy Engineer's Manifesto'
Gain insights into the practical aspects of privacy engineering, which are essential for implementing effective privacy controls.
  • Read the book, focusing on the framework for privacy engineering.
  • Relate the concepts in the book to the controls outlined in ISO/IEC 27701.
Develop a PIMS implementation checklist
Synthesize your learning by creating a checklist to guide the implementation of a Privacy Information Management System (PIMS).
  • Review the requirements of ISO/IEC 27701.
  • Break down the requirements into actionable steps.
  • Organize the steps into a checklist format.
  • Include references to the relevant clauses in the standard.
Conduct a Privacy Impact Assessment (PIA)
Apply your knowledge by conducting a PIA for a hypothetical or real-world scenario, solidifying your understanding of PII processing risks.
  • Select a process that involves processing PII.
  • Identify the potential privacy risks associated with the process.
  • Develop mitigation strategies to address the identified risks.
  • Document the findings and recommendations in a PIA report.
Participate in a mock audit
Practice your auditing skills by participating in a mock audit of a PIMS, reinforcing your understanding of the standard's requirements.
  • Form a group with other students.
  • Select a scenario for the mock audit.
  • Assign roles (auditor, auditee).
  • Conduct the mock audit.
  • Provide feedback to each other.

Career center

Learners who complete ISO/IEC 27701:2019. Privacy Information Management System will develop knowledge and skills that may be useful to these careers:
Privacy Consultant
A Privacy Consultant advises organizations on how to manage and protect personal data, ensuring compliance with privacy laws and regulations. This course directly aligns with the consultant's responsibilities by providing a detailed understanding of the ISO/IEC 27701 standard, a key framework for establishing a Privacy Information Management System. The course explains the requirements for both PII controllers and processors, allowing the Privacy Consultant to tailor advice to specific organizational roles. The consultant will be able to guide organizations through implementing the standard, conducting audits, and enhancing their information security management system with privacy controls.
Data Protection Officer
The role of a Data Protection Officer is to ensure an organization's compliance with data protection laws, a responsibility directly supported by the content of this course. This course's detailed explanation of ISO/IEC 27701 provides the officer with a framework for implementing and managing a robust Privacy Information Management System. The officer will be equipped to understand the relationship with other standards like ISO/IEC 27001, as well as the requirements for both PII controllers and processors, and to implement relevant privacy controls. A Data Protection Officer would benefit from this course's coverage of privacy principles, risk assessment, and the practical implementation of data protection measures.
Privacy Program Manager
A Privacy Program Manager develops and oversees an organization’s privacy program. This course helps a privacy manager gain familiarity with the ISO/IEC 27701 framework as it provides the necessary knowledge to build a robust privacy program. The course covers all key elements of a Privacy Information Management System, including the relationship between privacy and information security, requirements for data controllers and processors, and the practical aspects of implementing security controls. A privacy program manager can use this information in the development of policies and procedures for their organization.
Compliance Officer
A Compliance Officer ensures that an organization adheres to all relevant laws, regulations, and internal policies. This course on the ISO/IEC 27701 standard is useful to a compliance officer because it provides a detailed framework for managing privacy compliance. The course explains the requirements for PII controllers and processors, and the relationship of the standard with regulations such as GDPR. A Compliance Officer can use this knowledge to implement a Privacy Information Management System and to conduct audits. The course's coverage on subjects such as policy, risk assessment, and incident management is very relevant to a compliance role.
Information Security Analyst
An Information Security Analyst protects an organization’s information assets. This course helps build a foundation in privacy management, a core component of information security that a security analyst should know. It introduces privacy principles and explores how to implement privacy controls within the context of information security. An analyst will find the section on the ISO/IEC 27001 information security controls, with their specific privacy additions, very useful. They will also come to understand the requirements for PII controllers and processors, and how these fit into the organization's overall security posture.
Information Security Manager
An Information Security Manager oversees information security protocols for an organization. This course helps a manager understand how to integrate privacy into their existing information security systems. The course details the relationship between ISO/IEC 27701 and the ISO/IEC 27001 standard, and it explains how to add privacy controls. This course is particularly relevant because of its focus on the management system requirements, which includes leadership and planning, and the security controls from the ISO/IEC 27001 standard, with privacy additions. An Information Security Manager would find significant value in the course's discussion of controls related to policies, operations, and incident management.
Internal Auditor
An Internal Auditor assesses an organization's internal controls. This course will be useful for those who wish to conduct audits of a Privacy Information Management System. The course explains the requirements of the ISO/IEC 27701 standard, as well as its relationship to ISO/IEC 27001. Internal auditors will find particularly valuable the sections that cover the general management system requirements and the security controls, along with the privacy additions, including policies, operations, and compliance. Those who study this course will be well-equipped to assess an organization's adherence to data protection practices.
Risk Manager
A Risk Manager identifies and mitigates risks for an organization, a role that is significantly impacted by data privacy concerns. This course's coverage of ISO/IEC 27701 helps build a foundation for managing privacy risks. The course educates the risk manager on the requirements for PII controllers and processors, and their obligations to PII principals. The course helps implement the ISO standard for information security, allowing the risk manager to understand and manage the risks related to personally identifiable information. A Risk Manager can use the knowledge of the standards to guide their organization’s practices.
Chief Information Officer
A Chief Information Officer oversees an organization's information technology strategy. This course provides a strong understanding of the ISO/IEC 27701 standard. This course introduces the management system requirements and the security controls, with privacy additions, of the standard. A CIO will find the course helpful in understanding how to implement a Privacy Information Management System as part of an organization’s overall strategy. The material in this course provides a CIO with the knowledge to align information technology systems with privacy requirements.
IT Project Manager
An IT Project Manager oversees technology projects within an organization. This course may be useful in IT projects that involve handling personally identifiable information, as it provides a detailed understanding of the requirements of implementing a Privacy Information Management System based on the ISO/IEC 27701. An IT Project Manager may find sections of the course that address the management system requirements, the security controls, and the requirements for PII controllers and processors to be especially helpful. This understanding allows them to manage projects with privacy considerations in mind.
System Administrator
A System Administrator manages an organization's IT infrastructure. System administrators who understand privacy related issues are invaluable since they handle information systems that may contain personally identifiable information. This course may be useful to a system administrator because it covers the security controls, and their privacy implications, that stem from the ISO/IEC 27001 standard. System administrators who complete this course would have additional insights into how they can support an organization’s privacy goals through the proper configuration and maintenance of systems.
Software Developer
A Software Developer builds and maintains software applications. This course introduces the elements of privacy. Understanding how to treat personal data is an increasingly important skill for a software developer to possess. This course may be useful as it familiarizes developers with privacy principles, requirements for PII controllers and processors, and the security controls that impact software development. This course also touches upon privacy by design and privacy by default, which are essential concepts for developers. The course provides a comprehensive understanding of the key considerations developers should keep in mind.
Business Analyst
A Business Analyst analyzes an organization's processes and data. This course may be useful for a business analyst because it covers the requirements an organization must meet when following the ISO/IEC 27701 standard. The course covers the relationship between privacy and information security. It introduces the general management system requirements of the standard, along with the requirements for PII controllers and processors. A business analyst may find this information useful when gathering business requirements that are related to personal data.
Legal Counsel
Legal Counsel provides legal advice and support to an organization. This course provides a detailed overview of the ISO/IEC 27701 standard. The course introduces the GDPR and its relationship to the ISO standard. The course explains the concepts and requirements that surround personally identifiable information and its processing. A legal counsel is likely to work closely with those who implement the standard, and this course may be useful for them as they guide and oversee their organization’s privacy-related efforts.
Project Coordinator
A Project Coordinator supports project teams with administrative and organizational tasks. This course may be useful as it provides a foundation in the ISO/IEC 27701 standard. The course explains key privacy concepts, including PII controllers and processors, as well as the general requirements of the standard. It also covers the management system requirements, information security controls, and the specific obligations of organizations that handle personal data. This is useful knowledge as the coordinator provides support to projects that may involve personal data.

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in ISO/IEC 27701:2019. Privacy Information Management System.
Bridges the gap between privacy policy and practical implementation. It provides a framework for privacy engineering, which is crucial for translating the requirements of ISO/IEC 27701 into tangible controls. It is particularly helpful for those involved in the technical aspects of PIMS implementation. This book offers a practical guide to building privacy into systems and processes.
Provides a comprehensive overview of privacy engineering principles and techniques. It delves into the technical aspects of building privacy into systems, which complements the management system focus of ISO/IEC 27701. While not a direct requirement for the course, it offers valuable insights for those involved in implementing privacy controls, and it is a useful reference for understanding the practical application of privacy principles.


© 2016 - 2025 OpenCourser