Privacy Information Management System per ISO/IEC 27701 - Refinements in European context

This document specifies refinements for an application of ISO/IEC 27701 in a European context.
An organization can use this document for the implementation of the generic requirements and controls of ISO/IEC 27701 according to its context and its applicable obligations.
Certification bodies can use the specifications in this document as a basis for certification criteria verifying conformity to ISO/IEC 27701.
Certification criteria based on these specifications can provide a certification model under ISO/IEC 17065 for processing operations performed within the scope of a Privacy Information Management System according to ISO/IEC 27701, which can be combined with certification requirements for ISO/IEC 27701 under ISO/IEC 17021.
Accreditation bodies or regulatory authorities can use provisions in this document as criteria to establish certification mechanisms.

Privacy Information Management System per ISO/IEC 27701 - Refinements in the European context (German abstract)

This document specifies refinements for an application of EN ISO/IEC 27701 in a European context.
This document is applicable to the same entities as ISO/IEC 27701: all types and sizes of organizations, including public and private companies, public bodies and non-profit organizations, that are controllers and/or processors within the scope of an ISMS (information security management system).
An organization can use this document for the implementation of the general requirements and controls of EN ISO/IEC 27701 according to its context and its applicable obligations.
Certification criteria based on these refinements can provide a certification model under ISO/IEC 17065 for processing operations performed within the scope of a privacy information management system according to EN ISO/IEC 27701, which can be combined with certification requirements for EN ISO/IEC 27701 under ISO/IEC 17021.

Privacy information management system in accordance with EN ISO/IEC 27701 - Refinements relating to the European context (French abstract)

This document provides the refinements relating to the application of EN ISO/IEC 27701 in a European context.
This document applies to the same entities as ISO/IEC 27701, i.e. organizations of all types and sizes, including public and private companies, government entities and non-profit organizations, that are PII controllers and/or PII processors processing PII by means of an ISMS.
An organization can use this document to implement the generic requirements and security controls of EN ISO/IEC 27701 in accordance with its context and the obligations incumbent on it.
Certification criteria based on these refinements can provide a certification model under ISO/IEC 17065 for processing operations carried out within the scope of a privacy information management system in accordance with EN ISO/IEC 27701, which can be combined with the certification requirements relating to EN ISO/IEC 27701 under ISO/IEC 17021.

Privacy information management system per ISO/IEC 27701 - Refinements in the European context (Slovenian abstract)

This document specifies refinements for the application of ISO/IEC 27701 in a European context.
An organization can use this document for implementing the general requirements and controls of ISO/IEC 27701 in accordance with its context and its applicable obligations.
Certification bodies can use the specifications in this document as a basis for certification criteria for verifying conformity with ISO/IEC 27701.
Certification criteria based on these specifications can provide a certification model in accordance with ISO/IEC 17065 for processing operations performed within the scope of a privacy information management system in accordance with ISO/IEC 27701, which can be combined with certification requirements for ISO/IEC 27701 in accordance with ISO/IEC 17021.
Accreditation or regulatory bodies can use the provisions of this document as criteria for establishing certification mechanisms.

General Information

Status: Published
Public Enquiry End Date: 15-Jan-2023
Publication Date: 11-Apr-2024
Technical Committee: CEN/CLC/JTC 13
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 20-Mar-2024
Due Date: 25-May-2024
Completion Date: 12-Apr-2024

Buy Standard

Standard: EN 17926:2024, English language, 37 pages
Draft: prEN 17926:2023, English language, 37 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN 17926:2024
01-May-2024
Sistem upravljanja informacij o varstvu podatkov po ISO/IEC 27701 - Izboljšave v evropskem kontekstu
Privacy Information Management System per ISO/IEC 27701 - Refinements in European context
Datenschutz-Informationsmanagementsystem per ISO/IEC 27701 - Verfeinerungen im europäischen Kontext
Système de management de la protection de la vie privée conformément à l'EN ISO/IEC 27701 - Affinements relatifs au contexte européen
This Slovenian standard is identical to: EN 17926:2023
ICS:
35.030 IT Security
SIST EN 17926:2024 en,fr,de
© 2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.

EUROPEAN STANDARD EN 17926
November 2023
ICS 35.030

English version

Privacy Information Management System per ISO/IEC 27701 - Refinements in European context
Système de management de la protection de la vie privée conformément à l'EN ISO/IEC 27701 - Affinements relatifs au contexte européen
Datenschutz-Informationsmanagementsystem per ISO/IEC 27701 - Konkretisierungen im europäischen Kontext
This European Standard was approved by CEN on 13 April 2023.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2023 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.
Ref. No. EN 17926:2023 E

EN 17926:2023 (E)
Contents (page)
European foreword .......... 3
Introduction .......... 4
1 Scope .......... 5
2 Normative references .......... 5
3 Terms and definitions .......... 5
4 Structure of this document .......... 5
5 Privacy information management system for PII processing operations .......... 6
6 Requirement for PII processing operations .......... 6
Annex A (normative) Information security and privacy controls .......... 7
Annex B (normative) PIMS-specific reference control objectives and controls (PII Controllers) .......... 19
Annex C (normative) PIMS-specific reference control objectives and controls (PII Processors) .......... 26
Annex D (informative) Model for combination of management system certification governed by certification requirements in ISO/IEC 17021 with a non-tangible product-based certification governed by certification requirements in ISO/IEC 17065 .......... 29
Annex E (informative) Relationship between this European Standard and the General Data Protection Regulation ..........
...

SLOVENIAN STANDARD
oSIST prEN 17926:2023
01-January-2023
Sistem upravljanja informacij o varstvu podatkov po ISO/IEC 27701 - Izboljšave v evropskem kontekstu
Privacy Information Management System per ISO/IEC 27701 - Refinements in European context
Datenschutz-Informationsmanagementsystem per ISO/IEC 27701 - Verfeinerungen im europäischen Kontext
This Slovenian standard is identical to: prEN 17926
ICS:
35.030 IT Security
oSIST prEN 17926:2023 en,fr,de
© 2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.

EUROPEAN STANDARD DRAFT prEN 17926
November 2022

English version

Privacy Information Management System per ISO/IEC 27701 - Refinements in European context
Datenschutz-Informationsmanagementsystem per ISO/IEC 27701 - Verfeinerungen im europäischen Kontext
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/CLC/JTC 13.

If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal
Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any
alteration.

This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A
version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language
and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.

prEN 17926:2022 (E)
Contents (page)
European foreword .......... 2
Introduction .......... 3
1 Scope .......... 4
2 Normative references .......... 4
3 Terms and definitions .......... 4
4 Structure of this document .......... 4
5 Privacy information management system for PII processing operations .......... 5
6 Requirement for PII processing operations .......... 5
Annex A (normative) Information security and privacy controls .......... 6
Annex B (normative) PIMS-specific reference control objectives and controls (PII Controllers) .......... 18
Annex C (normative) PIMS-specific reference control objectives and controls (PII Processors) .......... 25
Annex D (informative) Model for combination of management system certification governed by certification requirements in ISO/IEC 17021 with a non-tangible product-based certification governed by certification requirements in ISO/IEC 17065 .......... 28
Annex E (informative) Relationship between this European Standard and the General ...
