ISO 27701
Skill packages tagged with “ISO 27701”
ISO 27701 Controller Controls (Annex A)
Implement and document ISO 27701 Clause 7 and Annex A controls specific to PII controllers. Covers conditions for collection/processing, obligations to PII principals, privacy by design/default, and PII sharing/transfer/disclosure with implementation status, evidence, and justification for exclusions.
ISO 27701 DPIA Program
Establish a Data Protection Impact Assessment (DPIA) program aligned to ISO 27701 Clause 7.2.5 and GDPR Article 35. Create DPIA methodology with WP29/EDPB screening criteria, screen processing activities for high-risk triggers, conduct individual DPIAs, and track risk mitigation with residual risk assessment.
ISO 27701 PII Processing Inventory
Build the PII processing inventory (Record of Processing Activities / ROPA) and data flow map for ISO 27701. Catalogs every processing activity with purpose, legal basis, data categories, PII principals, recipients, retention periods, and cross-border transfers. Produces a data flow map showing PII flows between systems, parties, and jurisdictions.
ISO 27701 PIMS Extension Author
Guided elaboration of PIMS documentation as an extension to ISMS: PII processing inventory, privacy objectives, processing purposes and legal basis, controller/processor annex controls, and privacy policy drafting aligned to Clause 6 controller obligations.
ISO 27701 PIMS Internal Audit
Plan and document a PIMS-specific internal audit. Covers audit planning, execution checklist, findings, nonconformities, and corrective actions focused on privacy controls and PII processing compliance.
ISO 27701 PIMS Scope Definition
Define the Privacy Information Management System (PIMS) scope per ISO/IEC 27701:2019+AMD1:2024 Clauses 5.2.1–5.2.4 — organization role as PII controller, processor, or both (5.2.1); interested parties and their privacy needs (5.2.2); PII principal categories, applicable regulations (GDPR, LGPD, CCPA/CPRA, PIPEDA, PDPA, APPI, POPIA, PIPL), PIMS boundaries, cross-border transfers, privacy objectives, and exclusions (5.2.3); and ISMS linkage (5.2.4). Foundation skill for all ISO 27701 documentation.
ISO 27701 PIMS Statement of Applicability
Create the PIMS Statement of Applicability covering both Annex A (controller) and Annex B (processor) controls. Maps each control to In/Out with justification, implementation status, and evidence — the PIMS-specific equivalent of the ISO 27001 SoA.
ISO 27701 Privacy Policy Generator
Generate a comprehensive privacy policy/notice aligned to ISO 27701 Clause 6 controller obligations. Uses the PII inventory and controller controls as inputs to produce a legally grounded, auditable privacy policy covering all 15 mandatory topics, plus a condensed privacy notice for user-facing communication.
ISO 27701 Privacy Risk Assessment
Conduct a privacy-specific risk assessment focusing on risks to PII principals per ISO 27701 Clause 5.4 (2019) / Clause 6.6 (2025). Defines all 8 individual-focused privacy impact criteria (physical harm, financial loss, discrimination, reputational damage, emotional distress, loss of autonomy, identity theft, social disadvantage — not organizational CIA-triad categories), identifies privacy threats per processing activity and PII principal category, scores risks on a 5x5 privacy impact matrix, assesses DPIA triggers per GDPR Art. 35 / EDPB WP248 rev.01, and plans treatment using privacy-specific options (minimize, pseudonymize, anonymize, consent, purpose limitation, encryption, deletion).
ISO 27701 Processor Controls (Annex B)
Implement and document ISO 27701 Clause 8 and Annex B controls specific to PII processors. Covers conditions for processing, obligations to PII principals, privacy by design/default, sub-processor management, and PII sharing/transfer/disclosure with implementation status, evidence, and justification for exclusions.
ISO 27701 Security Controls Overlay
Create the privacy overlay for the 93 ISO 27002:2022 security controls. For each control in the SoA, document what additional privacy-specific implementation is needed per ISO 27701 Clause 6. Covers all four control themes (Organizational, People, Physical, Technological) with privacy augmentation guidance and evidence mapping.