ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27001, section 4.2.
Here is the relevant paragraph to article 31 GDPR:
5.2.2 Understanding the needs and expectations of interested parties
The organization shall include among its interested parties (see ISO/IEC 27001:2013, 4.2), those parties having interests or responsibilities associated with the processing of PII, including the PII principals.
ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27001, section 4.2.
Here is the relevant paragraph to article 31 GDPR:
5.2.2 Understanding the needs and expectations of interested parties
The organization shall include among its interested parties (see ISO/IEC 27001:2013, 4.2), those parties having interests or responsibilities associated with the processing of PII, including the PII principals.
[…]
Sign in
to read the full text