Author Archives: Vijayashankar Na
ISO-8: ISO 27701
ISO 27701 was published on August 6, 2019 as an extension of ISO 27001:2013. It was a framework for the management of privacy of personal data and included requirements for Privacy Risk Assessment, Privacy Impact Assessment, Data Protection Impact Assessment and …
MOVEit vulnerability exploited.. Where was DPIA?
A Russian ransomware gang, Clop, has reportedly been exploiting a zero-day vulnerability in a secure file transfer software product called MOVEit and has reportedly affected hundreds of businesses in the UK and USA. MOVEit is a managed file transfer software product …
ISO-7: Planning, Implementing, evaluation and Review
In the series of articles so far, we have discussed the Scope of ISMS under ISO 27001 as well as the Leadership requirements and some aspects of Planning. In this article let us list out all the requirements specified under …
ISO-6: Governance Structure
We are presenting a series of articles to spread awareness and understanding of ISO 27001, ISO 27701 and PDPCSI. ISO 27001 is a certifiable standard while ISO 27701 is a requirement which can be certified only …
ISO-5: Classification of Assets
In the previous article we discussed the need for creating an Asset Inventory as part of the Context setting. In the process, we identified four different aspects such as “Data Storage Points”, “Data Collection Points”, “Data Processing Points” and “Data Disclosure …
ISO-4: Understanding the Context
Before an organization sets about establishing an ISMS or an auditor starts an ISO 27001 audit, it is essential to understand and set the ‘Context’ in which the activity needs to be planned and implemented. By ‘Context’ we mean …