What is ISO 27552?
The new ISO 27552 standard is an extension to ISO 27001/02 and expands the mandatory clauses and controls (4 to 10) to encompass privacy requirements. This will continue to drive organisations to build Data Privacy by design and by default into their Information Security Management System (ISMS).
The new standard will specify a Privacy Information Management System (PIMS) based on ISO/IEC 27001, 27002 and 29100 (the privacy framework). It will apply to both controllers and processors of Personally Identifiable Information (PII), who will receive new, specific guidance and will have obligations to meet.
Adopting this new standard will strengthen and enhance the Data Protection and GDPR policies and procedures that organisations already have in place.
When is it coming?
By the end of 2018, or more likely Q1 2019, the ISO/IEC JTC1/SC 27 working group expects to publish this new standard for PIMS (Privacy Information Management System).
Who does it affect?
All organisations that are certified or compliant to ISO 27001/2 will want to adopt this new standard, ISO 27552. Organisations that want to be certified to ISO 27552 will need to be certified to ISO 27001 as a prerequisite. Advent IM can help your organisation implement the standard or get certified.