Post by account_disabled on Mar 10, 2024 3:57:25 GMT -6
1. ISO 27001
ISO 27001 is a standard produced by the International Organization for Standardization (ISO) that describes the correct way to manage information security within a company. It is the main security standard, at a global level, for the management of information. Its central axis is the information security management system (ISMS), for which "all employees of the organization must contribute to the establishment of the standard", as ISOTools summarizes. Understanding that it is practically impossible to guarantee total information security, ISO 27001 aims to ensure that organizations are aware of the risks associated with information management, accepting them, minimizing them and managing them through a documented, systematic, structured, efficient and repeatable process that is adaptable to the changes that risks, the environment and technology may present. To obtain ISO 27001 certification, the company must go through certain stages:

Preliminary stage. Here, companies must implement 14 basic steps to begin their path towards certification.
Among the main ones are the use of a project management methodology, having the support of all management in the implementation process, defining the scope of the security system, determining a risk assessment policy, and implementing controls and corrective measures.

Review audit. External personnel review that the above has been fulfilled in order to proceed with the certification process.

Main audit. Here, a group of auditors verifies that the above measures meet their objectives. If everything is in order, the company can be certified.

Periodic reviews. Once certification is granted, the organization monitors said company for 3 years to ensure that it complies with its data protection efforts.

2. ISO 27701
ISO 27701 is a security standard that arose from the publication of the General Data Protection Regulation (RGPD, or GDPR in English) in 2018, and which proposes implementing a privacy information management system (SGPI) for the application of policies and controls that protect the personal data handled by the company, whether from the point of view of the personal data controller (data controller) or the personal data processor (data processor).
When we talk about the data controller, we refer to the natural or legal person, public or private, who decides aspects of the processing of personal data such as the purpose and use of the data or retention periods, and who is also the party to whom a data subject who wishes to exercise any of their data protection rights must turn. On the other hand, when we talk about the data processor, we are referring to the service provider who, engaged by the data controller, must access personal data that is the responsibility of the data controller. In fact, simply accessing or viewing data already constitutes "processing", as, for example, in the case of providers of maintenance or IT support services: although they do not have to manipulate personal data to provide the service, they are considered data processors. This standard contemplates 31 controls within Annex A (data controller) and 18 controls in Annex B (data processor), including security in the storage and transfer of personal data and in the handling of requests for rectification, access, cancellation and objection to its use.

3. ISO 27017
ISO 27017 is a security standard that provides controls for both customers and cloud service providers. Its importance lies in the precision with which it establishes the relationship between clients and cloud service providers, determining what the client can demand and what information the provider must supply. Compliance with this guide allows us to strengthen cybersecurity and the management of the service with regard to architecture, security measures, available functionalities, encryption technology and the geographical location of data.