What is ISO 27552?
The new ISO 27552 standard is an extension to ISO 27001/02 and expands the mandatory clauses and controls (4 to 10) to encompass privacy requirements. This will continue to drive organisations to build Data Privacy by design and by default into their Information Security Management System (ISMS).
The new standard will specify a Privacy Information Management System (PIMS) based on ISO/IEC 27001, 27002 and 29100 (the privacy framework). It will apply to both controllers and processors of Personally Identifiable Information (PII), who will receive new specific guidance and have obligations to meet.
Adopting this new standard will strengthen and enhance the Data Protection and GDPR policies and procedures that organisations already have in place. It will also bring many potential benefits for PII Controllers and PII Processors.
When is it coming?
The draft of the standard is now available and, in its current form, will expire at the end of February 2019. The official release was expected by the end of 2018, but the ISO/IEC JTC1/SC 27 working group now expects to publish this new standard for PIMS (Privacy Information Management System) later in 2019. Bookmark this page for updates.
Who does it affect?
All organisations that are certified or compliant to ISO 27001/2 will want to adopt this new standard, ISO 27552. Organisations that want to be certified to ISO 27552 will need to be certified to ISO 27001 as a prerequisite. Advent IM can help your organisation implement the standard or get certified.