How ISO 27001 can assist with your GDPR compliance
GDPR Summit
May 30th 2018
Sharon O’Reilly, IT Governance Ltd
www.itgovernance.co.uk
Introduction: Speaker Background
– GRC/GDPR Consultant Ireland – IT Governance
– Certified Data Protection Practitioner and Practitioner Course Trainer
– Certified Trainer: Data Protection, Information Security, Management Systems
– Certified ISO 27001 Lead Auditor and Lead Implementer
– 16 years’ experience as a consultant to Irish industry
– Specialising in ISO 27001, Data Protection and PCI DSS consultancy
– Have consulted to organisations across multiple sectors
– Experienced auditor and compliance systems implementer and contract manager
– Engaged by clients to audit key suppliers and act as lead for external certification and client audits
– BSc and MSc Analytical Science
– 10 Years experience in the pharmaceutical regulatory and compliance areas
2
© IT Governance Ltd 2018
Overview
The GDPR is with us as of Friday 25th May but it is widely
acknowledged that there is much still to be done to achieve
compliance.
The purpose of this presentation is to explain clearly and simply how
ISO 27001 can help you in your quest to achieve and maintain
GDPR compliance.
Overview
GDPR: EU General Data Protection Regulation. This Regulation
needs to be considered alongside the new Irish Data Protection Act,
which was signed into law on Thursday 24th May 2018.
ISO 27001:2013: the Information Security Management Systems
standard (current version issued in 2013), widely regarded as the
international gold standard in the information security management sphere.
Overview
But what has ISO 27001 got to do with GDPR compliance?
Quite a lot, actually…
GOOD NEWS!!
Many organisations have been struggling with their GDPR
compliance programmes… why is there no standard we can use?
There is… ISO 27001 is all about creating robust and practical
information security management systems and creating a culture of
security.
While this does not cover all aspects of GDPR compliance, it does
cover many key areas.
Overview
GDPR compliance is a legal necessity.
Information Security Management is a business essential.
Put them together and you have a very valuable framework which
will allow you to manage GDPR compliance going forward and
maintain best practice in information security.
Overview
GDPR + ISO 27001 = Robust and sustainable data governance framework
ISO 27001 and GDPR
KEY REQUIREMENTS (compared across GDPR and ISO 27001)
- Risk-based approach
- Systematic approach to information security
- Data Processing Principles 4 - 6
- Accountability
- Security of Processing
- Continual Improvement
(On the slide each requirement is ticked (√) under the GDPR column, the ISO 27001 column, or both; the column placement of the ticks did not survive extraction.)
RISK-BASED APPROACH
The GDPR requires organisations to adopt
appropriate policies, procedures and
processes to protect the personal data they
hold.
This involves taking a risk-based approach
to data protection and building a workplace
culture of data privacy and security.
SYSTEMATIC APPROACH TO
INFORMATION SECURITY
ISO 27001 provides exactly that – a
systematic approach to information security
management with mandatory systems or
processes which “manage/control the
controls”.
It is a management systems standard.
GDPR PRINCIPLES OF PROCESSING
Personal data must be:
1. Processed lawfully, fairly and in a transparent manner
2. Collected for specified, explicit and legitimate purposes
3. Adequate, relevant and limited to what is necessary
4. Accurate and, where necessary, kept up to date (ISO 27001)
5. Retained only for as long as necessary (ISO 27001)
6. Processed in an appropriate manner to maintain security (ISO 27001)
Overarching principle: Accountability
ACCOUNTABILITY
The GDPR introduces a new principle: that of
accountability. The GDPR requires that
your organisation can demonstrate
compliance with all the principles.
So, your organisation needs to build such a
culture and to be able to demonstrate
accountability.
ACCOUNTABILITY
An ISMS (Information Security Management
System) produces records to demonstrate
that it is working correctly = Accountability
SECURITY OF PROCESSING
Article 32 of the GDPR says that technical
and organisational measures must be taken
to “ensure a level of security appropriate to
the risk”.
ISO 27001 mandates risk management to
identify such measures and Annex A
identifies specific control measures.
CONTINUAL IMPROVEMENT
The GDPR refers to “regularly testing,
assessing and evaluating the effectiveness
of technical and organisational measures for
ensuring the security of the processing”
(Article 32).
CONTINUAL IMPROVEMENT
An ISO 27001-aligned ISMS provides
measures to “continually improve the
suitability, adequacy and effectiveness of
the ISMS”. Applying this approach to
continual improvement also supports
compliance with the GDPR.
More good news… added extras
Using ISO 27001 as a framework for managing GDPR compliance
not only makes GDPR compliance simpler, both at the
implementation phase and on a continuous and sustainable basis,
but also gives us many more extra benefits…
More good news… added extras
- Protection of all information – not just personal data
- Assurance to the outside world – “we take security seriously”
- Reduced reputational risks – “bad headline avoidance”
Conclusion
Thank You
Tech Connect Live, 30th May 2018, GDPR Summit, Sharon O’Reilly