ISO 31010 and Implementing Risk Assessment Techniques


We’ve previously discussed the role of risk assessment as defined by the International Organization for Standardization (ISO) in ISO 31000, and generally speaking, we’ve found that risk management is a key practice in supporting security and compliance. To better support organizations approaching risk assessment, ISO published the supplementary document ISO/IEC 31010, “Risk assessment techniques.”

In this article, we’ll provide a brief overview of the processes and techniques advocated by this publication.


What are ISO 30141 and the General Characteristics of Internet of Things (IoT) Systems?


The Internet of Things (IoT) was seen as the next big thing for the consumer market. While the impact of IoT technology is still unfolding, there is no doubt that IoT devices have made a much bigger impact in the commercial space. IoT networks are changing how we handle major industrial processes, from healthcare to supply chain logistics and manufacturing. Accordingly, ISO has put forth a document, ISO 30141, on the best practices and characteristics of operational IoT systems.


ISO 27701 and Conformance with Privacy Information Management (Part 4)


As previously discussed, ISO/IEC 27701 is a comprehensive international standard that provides specific privacy guidelines for organizations attempting to meet additional requirements for handling PII in line with regulations like the GDPR. This document aligns ISO-compliant organizations with PII-focused standards through the implementation of a Privacy Information Management System (PIMS).

So far, we’ve covered how ISO 27701 refines ISO 27001 and ISO 27002 guidelines to emphasize handling PII and those specific to data controllers. In this final blog post of our series, we will look closely at Section 8 of ISO 27701 and explore specific guidelines for processors handling PII.
