27001: versus 27701 – cross-reference and you are (should already have been) done

I take it you all have noticed the issuance of ISO 27701:2019 (here), a.k.a. ISO/IEC 27552 in development..?

Apart from the odd fact that it refers to the 001 and 002 in their :2013 original, but does not include the :2014 and :2015 formally ratified updates to the 001. [Rightfully skipping the :2017 since that’s a local variant.]
And apart from the fact that it should mostly be a mapping exercise when (sic; not if) one would have been decently GDPR-compliant per May 25th of last year but then, I know I know, you’re still trying to piece together your 2700x:201y compliance basics like having a ‘register’ [only dunces have a legal-style ‘register’, separate from the IT architectures that should have been around at all Levels as they would be a. a basic requirement for any half+ baked Information/IT management, b. a compliance requirement for 2700x/x+1 anyway or how else would you know what you were/are protecting in the first place?]

Really. In all the GDPR implementations that I advised/consulted/implemented on (some #36), I seem to have been compliant avant les lettres des exigences et lignes directrices. Apparently, a standard was required. To be compliant with.
If you need a standard to be(come) compliant with an EU rule ‘of law’ [Regulation; note the difference?], you have better things to do, like a study program on Security 101 or rather 0.01 – if you have demonstrated (by wanting to go where apparently you weren’t, only now) such incompetence, at the very least you may want to consider being released from your duties immediately, with discharge of past ‘performance’, to free up all of your time to get a grip on such basics.
Oh and one could also want a standard to be certified on [‘against’ – a better characterisation]. Admitting you’re joining the circus, not doing serious work rather joining, instead of ..?

Otherwise, the 27701 is just a mapping indeed, from the GDPR req’s to what you’d need to do. Noting also the wording has a lot of ‘can’, ‘may’ et al.

Returning to the intro: Have any of you found any problems, yet, with 27701 ..?
Would want to learn so please reply.

In lieu of kind regards:

[‘In lieu of’ ..?? You mean, through total irrelevance ..? Utrecht Papendorp]
