Category Archives: Cyber Law

ISO-6: Governance Structure

We are presenting a series of articles in this series to spread the awareness and understanding of ISO 27001, ISO 27701 and PDPCSI. ISO 27001 is a certifiable standard while ISO 27701 is a requirement which can be certified only … Continue reading

Posted in Cyber Law | Leave a comment

ISO-5: Classification of Assets

In the previous article we discussed the need for creating Asset Inventory as part of the Context setting. In the process, we identified four different aspects such as “Data Storage Points”, “Data Collection Points”, Data Processing Points” and “Data Disclosure … Continue reading

Posted in Cyber Law | Leave a comment

ISO-4: Understanding the Context

Before an organization sets about to establish an ISMS or an auditor starts an ISO 27001 audit, it is essential to understand and set the ‘Context’ in which the activity needs to be planned and implemented. By ‘Context’ we mean … Continue reading

Posted in Cyber Law | Leave a comment

ISO-3: Structure -10 clauses with 93 Controls

ISO 27001:2022 adopts a structure of presenting the requirements through the main document that consists of 10 clauses and the Annexe A which indicates 93 controls. In comparison, PDPSI adopts 12 Standards and 50 Model Implementation Specifications. The first three … Continue reading

Posted in Cyber Law | Leave a comment

ISO-2: 93 controls in Four categories

The Annex A of ISO 27001:2022 contains 93 controls in four categories. The Organizational Controls under A.5 has 37 sub Controls, People Controls under A.6 has 8 sub controls, Physical Controls under A.7 has 14 sub controls and Technology controls … Continue reading

Posted in Cyber Law | Leave a comment

ISO-1: The Scope of ISO 27001:2022

The scope of the ISO 27001:2022 standard is to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. (ISMS). The ISMS preserves the confidentiality, integrity and availability of information by applying a risk management process. … Continue reading

Posted in Cyber Law | Leave a comment