The Inner Circle

 View Only

ISO/IEC 27557:2022 Information security, cybersecurity and privacy protection - Application of ISO 31000:2018 for organizational privacy risk management

  • 1.  ISO/IEC 27557:2022 Information security, cybersecurity and privacy protection - Application of ISO 31000:2018 for organizational privacy risk management

    Posted Nov 11, 2022 03:03:00 PM
    Hi All,

    ISO/IEC just published ISO/IEC 27557:2022 Information security, cybersecurity, and privacy protection - Application of ISO 31000:2018 for organizational privacy risk management

    This document provides guidelines for organizational privacy risk management, extended from ISO 31000:2018.

    This document guides organizations in integrating risks related to the processing of personally identifiable information (PII) as part of an organizational privacy risk management program. It distinguishes between the impact that processing PII can have on an individual with consequences for organizations (e.g., reputational damage). It also guides incorporating the following into the overall organizational risk assessment:

    - organizational consequences of adverse privacy impacts on individuals; and

    - organizational consequences of privacy events that damage the organization (e.g., by harming its reputation) without causing any adverse privacy impacts to individuals.

    This document assists in the implementation of a risk-based privacy program that can be integrated into the overall risk management of the organization.

    This document applies to all types and sizes of organizations processing PII or developing products and services that can be used to process PII, including public and private companies, government entities, and non-profit organizations.

    This standard can be previewed here: https://www.iso.org/obp/ui/#iso:std:iso-iec:27557:ed-1:v1:en

    This standard can be purchased here: https://www.iso.org/standard/71675.html




    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------