Monthly Archives: July 2023

ISO-6: Governance Structure

We are presenting this series of articles to spread awareness and understanding of ISO 27001, ISO 27701 and PDPCSI. ISO 27001 is a certifiable standard, while ISO 27701 is a requirement which can be certified only …

Posted in Cyber Law

ISO-5: Classification of Assets

In the previous article we discussed the need for creating an Asset Inventory as part of the Context setting. In the process, we identified four different aspects, namely “Data Storage Points”, “Data Collection Points”, “Data Processing Points” and “Data Disclosure …

Posted in Cyber Law

ISO-4: Understanding the Context

Before an organization sets about establishing an ISMS, or an auditor starts an ISO 27001 audit, it is essential to understand and set the ‘Context’ in which the activity needs to be planned and implemented. By ‘Context’ we mean …

Posted in Cyber Law

ISO-3: Structure - 10 Clauses with 93 Controls

ISO 27001:2022 presents its requirements through a main document consisting of 10 clauses, together with Annex A, which lists 93 controls. In comparison, PDPSI adopts 12 Standards and 50 Model Implementation Specifications. The first three …

Posted in Cyber Law

ISO-2: 93 Controls in Four Categories

Annex A of ISO 27001:2022 contains 93 controls in four categories. The Organizational Controls under A.5 comprise 37 controls, the People Controls under A.6 comprise 8 controls, the Physical Controls under A.7 comprise 14 controls, and the Technological Controls …

Posted in Cyber Law

ISO-1: The Scope of ISO 27001:2022

The scope of the ISO 27001:2022 standard is to provide requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The ISMS preserves the confidentiality, integrity and availability of information by applying a risk management process. …

Posted in Cyber Law