Date: Jul 11, 2022, 11:39:06 AM
Date: Jul 11, 2022, 11:46:47 AM
Name: ISO/IEC 27701 [2019]
Name: ISO/IEC 27701 [2019]
Description: Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
Description: Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
| t | 1 | {} | t | 1 | { |
| 2 | "authors": [ | ||||
| 3 | "Jeremy Dannenmuller" | ||||
| 4 | ], | ||||
| 5 | "label": "ISO/IEC 27701 [2019]", | ||||
| 6 | "language": "EN", | ||||
| 7 | "refs": null, | ||||
| 8 | "uuid": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 9 | "values": [ | ||||
| 10 | { | ||||
| 11 | "category": "Information security aspects of business continuity management", | ||||
| 12 | "code": "6.14.2.1", | ||||
| 13 | "label": "Availability of information processing facilities", | ||||
| 14 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 15 | "referential_label": "ISO 27701", | ||||
| 16 | "uuid": "00cb20cc-21a0-417a-9782-ed6587f1d6f5" | ||||
| 17 | }, | ||||
| 18 | { | ||||
| 19 | "category": "Information security policies", | ||||
| 20 | "code": "6.2.1.1", | ||||
| 21 | "label": "Policies for information security", | ||||
| 22 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 23 | "referential_label": "ISO 27701", | ||||
| 24 | "uuid": "0225b44b-be7a-4cce-a4db-1d804e4d47c8" | ||||
| 25 | }, | ||||
| 26 | { | ||||
| 27 | "category": "Improvement", | ||||
| 28 | "code": "5.8.2", | ||||
| 29 | "label": "Continual improvement", | ||||
| 30 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 31 | "referential_label": "ISO 27701", | ||||
| 32 | "uuid": "029a9fae-c6a4-4b3c-8487-2ed20996a951" | ||||
| 33 | }, | ||||
| 34 | { | ||||
| 35 | "category": "Communication security", | ||||
| 36 | "code": "6.10.2.3", | ||||
| 37 | "label": "Electronic messaging", | ||||
| 38 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 39 | "referential_label": "ISO 27701", | ||||
| 40 | "uuid": "0320a79e-6c9f-45e3-90a0-c360e8f57b45" | ||||
| 41 | }, | ||||
| 42 | { | ||||
| 43 | "category": "PII sharing transfer and disclosure", | ||||
| 44 | "code": "B.8.5.8", | ||||
| 45 | "label": "Change of subcontractor to process PII", | ||||
| 46 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 47 | "referential_label": "ISO 27701", | ||||
| 48 | "uuid": "0637458d-cb4d-47aa-9553-d3e86757aaaa" | ||||
| 49 | }, | ||||
| 50 | { | ||||
| 51 | "category": "Physical and environment security", | ||||
| 52 | "code": "6.8.1.3", | ||||
| 53 | "label": "Securing offices rooms and facilities", | ||||
| 54 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 55 | "referential_label": "ISO 27701", | ||||
| 56 | "uuid": "066dee47-1f12-4243-94bd-a89fbde7fd31" | ||||
| 57 | }, | ||||
| 58 | { | ||||
| 59 | "category": "Conditions for collection and processing", | ||||
| 60 | "code": "A.7.2.3", | ||||
| 61 | "label": "Determine when and how consent is to be obtained", | ||||
| 62 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 63 | "referential_label": "ISO 27701", | ||||
| 64 | "uuid": "06c65ef3-fc74-4e9f-b923-bc4b8da06454" | ||||
| 65 | }, | ||||
| 66 | { | ||||
| 67 | "category": "Asset Management", | ||||
| 68 | "code": "6.5.1.2", | ||||
| 69 | "label": "Ownership of Assets", | ||||
| 70 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 71 | "referential_label": "ISO 27701", | ||||
| 72 | "uuid": "06eed3d5-8e62-42ff-a727-aee4d27a21a3" | ||||
| 73 | }, | ||||
| 74 | { | ||||
| 75 | "category": "Access control", | ||||
| 76 | "code": "6.6.2.2", | ||||
| 77 | "label": "User access provisionning", | ||||
| 78 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 79 | "referential_label": "ISO 27701", | ||||
| 80 | "uuid": "0769cff8-adbc-4d3a-921d-622fbce40473" | ||||
| 81 | }, | ||||
| 82 | { | ||||
| 83 | "category": "Organisation of information security", | ||||
| 84 | "code": "6.3.1.2", | ||||
| 85 | "label": "Segregation of duties", | ||||
| 86 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 87 | "referential_label": "ISO 27701", | ||||
| 88 | "uuid": "085873ce-e760-40cd-80a4-6f402785696f" | ||||
| 89 | }, | ||||
| 90 | { | ||||
| 91 | "category": "Obligations to PII principals", | ||||
| 92 | "code": "A.7.3.2", | ||||
| 93 | "label": "Determining information for PII principals", | ||||
| 94 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 95 | "referential_label": "ISO 27701", | ||||
| 96 | "uuid": "087dde64-823a-495c-92ec-8a282577821f" | ||||
| 97 | }, | ||||
| 98 | { | ||||
| 99 | "category": "Context of the organization", | ||||
| 100 | "code": "5.2.4", | ||||
| 101 | "label": "Information security management system", | ||||
| 102 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 103 | "referential_label": "ISO 27701", | ||||
| 104 | "uuid": "0af7c1ab-dad9-4aa2-aefb-4e5dbf4805c7" | ||||
| 105 | }, | ||||
| 106 | { | ||||
| 107 | "category": "Access control", | ||||
| 108 | "code": "6.6.4.2", | ||||
| 109 | "label": "Secure log-on procedures", | ||||
| 110 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 111 | "referential_label": "ISO 27701", | ||||
| 112 | "uuid": "0d503be4-a66d-4f49-b960-a987f6aface6" | ||||
| 113 | }, | ||||
| 114 | { | ||||
| 115 | "category": "Organisation of information security", | ||||
| 116 | "code": "6.3.1.5", | ||||
| 117 | "label": "Information security in project management", | ||||
| 118 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 119 | "referential_label": "ISO 27701", | ||||
| 120 | "uuid": "0e6f5f89-2755-4448-8183-da973df45b83" | ||||
| 121 | }, | ||||
| 122 | { | ||||
| 123 | "category": "PII sharing transfer and disclosure", | ||||
| 124 | "code": "B.8.5.1", | ||||
| 125 | "label": "Basis for PII transfer between jurisdictions", | ||||
| 126 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 127 | "referential_label": "ISO 27701", | ||||
| 128 | "uuid": "0f6b0b0e-403e-4695-9c32-8bdd4ad17718" | ||||
| 129 | }, | ||||
| 130 | { | ||||
| 131 | "category": "Asset Management", | ||||
| 132 | "code": "6.5.1.1", | ||||
| 133 | "label": "Inventory of Assets", | ||||
| 134 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 135 | "referential_label": "ISO 27701", | ||||
| 136 | "uuid": "0fd4927b-596a-42f6-b155-052785edbfc5" | ||||
| 137 | }, | ||||
| 138 | { | ||||
| 139 | "category": "Operations security", | ||||
| 140 | "code": "6.9.1.3", | ||||
| 141 | "label": "Capacity management", | ||||
| 142 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 143 | "referential_label": "ISO 27701", | ||||
| 144 | "uuid": "103a6955-e9f8-4b66-91ba-bf2cc0e0e8fe" | ||||
| 145 | }, | ||||
| 146 | { | ||||
| 147 | "category": "Compliance", | ||||
| 148 | "code": "6.15.1.2", | ||||
| 149 | "label": "Intellectual property rights", | ||||
| 150 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 151 | "referential_label": "ISO 27701", | ||||
| 152 | "uuid": "1285dd9e-108d-4ecf-bccf-8a3f4807963a" | ||||
| 153 | }, | ||||
| 154 | { | ||||
| 155 | "category": "Privacy by design and privacy by default", | ||||
| 156 | "code": "B.8.4.3", | ||||
| 157 | "label": "PII transmission controls", | ||||
| 158 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 159 | "referential_label": "ISO 27701", | ||||
| 160 | "uuid": "1416da16-528c-45f4-b1b9-6a305ae1c81f" | ||||
| 161 | }, | ||||
| 162 | { | ||||
| 163 | "category": "Systems acquisition development and maintenance", | ||||
| 164 | "code": "6.11.2.6", | ||||
| 165 | "label": "Secure Development Environment", | ||||
| 166 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 167 | "referential_label": "ISO 27701", | ||||
| 168 | "uuid": "16b30180-3754-43da-8bdb-9528fc5e6cde" | ||||
| 169 | }, | ||||
| 170 | { | ||||
| 171 | "category": "Asset Management", | ||||
| 172 | "code": "6.5.1.4", | ||||
| 173 | "label": "Return of Assets", | ||||
| 174 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 175 | "referential_label": "ISO 27701", | ||||
| 176 | "uuid": "18c97f9e-20c9-48a4-b1db-b3ba08a6fd4a" | ||||
| 177 | }, | ||||
| 178 | { | ||||
| 179 | "category": "Systems acquisition development and maintenance", | ||||
| 180 | "code": "6.11.2.8", | ||||
| 181 | "label": "System security testing", | ||||
| 182 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 183 | "referential_label": "ISO 27701", | ||||
| 184 | "uuid": "190024e1-afae-4346-b094-9f84f6d2e759" | ||||
| 185 | }, | ||||
| 186 | { | ||||
| 187 | "category": "Human resources security", | ||||
| 188 | "code": "6.4.1.2", | ||||
| 189 | "label": "Terms and conditions of employment", | ||||
| 190 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 191 | "referential_label": "ISO 27701", | ||||
| 192 | "uuid": "19e032bb-b8b3-40a1-b976-4ac29f8ef613" | ||||
| 193 | }, | ||||
| 194 | { | ||||
| 195 | "category": "Privacy by design and privacy by default", | ||||
| 196 | "code": "A.7.4.6", | ||||
| 197 | "label": "Temporary files", | ||||
| 198 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 199 | "referential_label": "ISO 27701", | ||||
| 200 | "uuid": "1ad68deb-f72a-4f4c-816b-fb755544777e" | ||||
| 201 | }, | ||||
| 202 | { | ||||
| 203 | "category": "Compliance", | ||||
| 204 | "code": "6.15.2.2", | ||||
| 205 | "label": "Compliance with security policies and standards", | ||||
| 206 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 207 | "referential_label": "ISO 27701", | ||||
| 208 | "uuid": "1bdbc783-3069-42f5-a4f7-745c0290be02" | ||||
| 209 | }, | ||||
| 210 | { | ||||
| 211 | "category": "Systems acquisition development and maintenance", | ||||
| 212 | "code": "6.11.2.2", | ||||
| 213 | "label": "System change control procedures", | ||||
| 214 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 215 | "referential_label": "ISO 27701", | ||||
| 216 | "uuid": "1d0c7281-35c6-403c-9c9b-40e9826e73e3" | ||||
| 217 | }, | ||||
| 218 | { | ||||
| 219 | "category": "Compliance", | ||||
| 220 | "code": "6.15.1.5", | ||||
| 221 | "label": "Regulation of cryptographic controls", | ||||
| 222 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 223 | "referential_label": "ISO 27701", | ||||
| 224 | "uuid": "1d6c8b29-418c-4a68-89e8-55ce63bed691" | ||||
| 225 | }, | ||||
| 226 | { | ||||
| 227 | "category": "Access control", | ||||
| 228 | "code": "6.6.2.1", | ||||
| 229 | "label": "User registration and de-registration", | ||||
| 230 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 231 | "referential_label": "ISO 27701", | ||||
| 232 | "uuid": "1ee8390e-ebeb-4253-ae87-49358ff8730f" | ||||
| 233 | }, | ||||
| 234 | { | ||||
| 235 | "category": "Conditions for collection and processing", | ||||
| 236 | "code": "A.7.2.4", | ||||
| 237 | "label": "Obtain and record consent", | ||||
| 238 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 239 | "referential_label": "ISO 27701", | ||||
| 240 | "uuid": "1f597457-a336-4e09-b660-2a680154b8b0" | ||||
| 241 | }, | ||||
| 242 | { | ||||
| 243 | "category": "Support", | ||||
| 244 | "code": "5.5.1", | ||||
| 245 | "label": "Resources", | ||||
| 246 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 247 | "referential_label": "ISO 27701", | ||||
| 248 | "uuid": "1fc549c9-c0dd-407a-9648-c3fe0869bc67" | ||||
| 249 | }, | ||||
| 250 | { | ||||
| 251 | "category": "Access control", | ||||
| 252 | "code": "6.6.4.5", | ||||
| 253 | "label": "Access control to program source code", | ||||
| 254 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 255 | "referential_label": "ISO 27701", | ||||
| 256 | "uuid": "203fb144-2604-4162-b5c9-f40d22ba2fee" | ||||
| 257 | }, | ||||
| 258 | { | ||||
| 259 | "category": "Information security incident management", | ||||
| 260 | "code": "6.13.1.7", | ||||
| 261 | "label": "Collection of evidence", | ||||
| 262 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 263 | "referential_label": "ISO 27701", | ||||
| 264 | "uuid": "238e2cbd-9c07-4f08-b2f5-1f43df4a4c11" | ||||
| 265 | }, | ||||
| 266 | { | ||||
| 267 | "category": "Improvement", | ||||
| 268 | "code": "5.8.1", | ||||
| 269 | "label": "Nonconformity and corrective action", | ||||
| 270 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 271 | "referential_label": "ISO 27701", | ||||
| 272 | "uuid": "256ae75a-a97f-46c8-b022-e4525a52c177" | ||||
| 273 | }, | ||||
| 274 | { | ||||
| 275 | "category": "Access control", | ||||
| 276 | "code": "6.6.2.4", | ||||
| 277 | "label": "Management of secret authentication information of users", | ||||
| 278 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 279 | "referential_label": "ISO 27701", | ||||
| 280 | "uuid": "27b2e55d-2709-4a74-b75f-89ffa80b0096" | ||||
| 281 | }, | ||||
| 282 | { | ||||
| 283 | "category": "Actions to address risks and opportunities", | ||||
| 284 | "code": "5.4.1.2", | ||||
| 285 | "label": "Information Security Risk Assessment", | ||||
| 286 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 287 | "referential_label": "ISO 27701", | ||||
| 288 | "uuid": "28849802-7b7e-46dd-b720-b2bc4db6a67b" | ||||
| 289 | }, | ||||
| 290 | { | ||||
| 291 | "category": "Organisation of information security", | ||||
| 292 | "code": "6.3.1.4", | ||||
| 293 | "label": "Contact with special interest groups", | ||||
| 294 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 295 | "referential_label": "ISO 27701", | ||||
| 296 | "uuid": "2a8bce28-154e-4d0d-b829-fee0cd93f861" | ||||
| 297 | }, | ||||
| 298 | { | ||||
| 299 | "category": "Information security aspects of business continuity management", | ||||
| 300 | "code": "6.14.1.3", | ||||
| 301 | "label": "Verify review and evaluate information security continuity", | ||||
| 302 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 303 | "referential_label": "ISO 27701", | ||||
| 304 | "uuid": "2a93cf52-ffa5-4da5-85b2-ad39d456cb0d" | ||||
| 305 | }, | ||||
| 306 | { | ||||
| 307 | "category": "Information security policies", | ||||
| 308 | "code": "6.2.1.2", | ||||
| 309 | "label": "Review of the policies for information security", | ||||
| 310 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 311 | "referential_label": "ISO 27701", | ||||
| 312 | "uuid": "2abce681-3b58-4c4f-ae56-03eba536e201" | ||||
| 313 | }, | ||||
| 314 | { | ||||
| 315 | "category": "Physical and environment security", | ||||
| 316 | "code": "6.8.1.4", | ||||
| 317 | "label": "Protecting against external and environmental threats", | ||||
| 318 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 319 | "referential_label": "ISO 27701", | ||||
| 320 | "uuid": "2c979e09-e057-4cb5-b6b7-800842783110" | ||||
| 321 | }, | ||||
| 322 | { | ||||
| 323 | "category": "Compliance", | ||||
| 324 | "code": "6.15.2.1", | ||||
| 325 | "label": "Independent review of information security", | ||||
| 326 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 327 | "referential_label": "ISO 27701", | ||||
| 328 | "uuid": "2f712e97-a7bc-40cb-9552-216fd30ef148" | ||||
| 329 | }, | ||||
| 330 | { | ||||
| 331 | "category": "Privacy by design and privacy by default", | ||||
| 332 | "code": "B.8.4.2", | ||||
| 333 | "label": "Return transfer or disposal of PII", | ||||
| 334 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 335 | "referential_label": "ISO 27701", | ||||
| 336 | "uuid": "30525d18-fe33-4813-9519-7816bce5723f" | ||||
| 337 | }, | ||||
| 338 | { | ||||
| 339 | "category": "Information security incident management", | ||||
| 340 | "code": "6.13.1.1", | ||||
| 341 | "label": "Responsibilities and procedures", | ||||
| 342 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 343 | "referential_label": "ISO 27701", | ||||
| 344 | "uuid": "30817081-369d-410d-8db7-25f43a1abd43" | ||||
| 345 | }, | ||||
| 346 | { | ||||
| 347 | "category": "Systems acquisition development and maintenance", | ||||
| 348 | "code": "6.11.1.2", | ||||
| 349 | "label": "Securing application services on public networks", | ||||
| 350 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 351 | "referential_label": "ISO 27701", | ||||
| 352 | "uuid": "35ef0801-fa39-478f-94a4-cffaf3f2107c" | ||||
| 353 | }, | ||||
| 354 | { | ||||
| 355 | "category": "Context of the organization", | ||||
| 356 | "code": "5.2.3", | ||||
| 357 | "label": "Determining the scope of the information security management system", | ||||
| 358 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 359 | "referential_label": "ISO 27701", | ||||
| 360 | "uuid": "36ebd0b0-ab2d-4a7e-b98a-aa048fb6c84e" | ||||
| 361 | }, | ||||
| 362 | { | ||||
| 363 | "category": "Communication security", | ||||
| 364 | "code": "6.10.1.3", | ||||
| 365 | "label": "Segregation in networks", | ||||
| 366 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 367 | "referential_label": "ISO 27701", | ||||
| 368 | "uuid": "37d74fdf-8f6d-4197-a298-a30c646a5f53" | ||||
| 369 | }, | ||||
| 370 | { | ||||
| 371 | "category": "Operations security", | ||||
| 372 | "code": "6.9.1.2", | ||||
| 373 | "label": "Change management", | ||||
| 374 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 375 | "referential_label": "ISO 27701", | ||||
| 376 | "uuid": "389d1443-d248-4f66-b980-bbdcb50e6c15" | ||||
| 377 | }, | ||||
| 378 | { | ||||
| 379 | "category": "Human resources security", | ||||
| 380 | "code": "6.4.2.2", | ||||
| 381 | "label": "Information security awareness education and training", | ||||
| 382 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 383 | "referential_label": "ISO 27701", | ||||
| 384 | "uuid": "3a003a78-d047-4ac0-941c-7ad67491d421" | ||||
| 385 | }, | ||||
| 386 | { | ||||
| 387 | "category": "Conditions for collection and processing", | ||||
| 388 | "code": "A.7.2.6", | ||||
| 389 | "label": "Contracts with PII processors", | ||||
| 390 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 391 | "referential_label": "ISO 27701", | ||||
| 392 | "uuid": "3bbc82c8-7c23-4e11-9c3d-c8a8c19dd08c" | ||||
| 393 | }, | ||||
| 394 | { | ||||
| 395 | "category": "Privacy by design and privacy by default", | ||||
| 396 | "code": "A.7.4.2", | ||||
| 397 | "label": "Limit processing", | ||||
| 398 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 399 | "referential_label": "ISO 27701", | ||||
| 400 | "uuid": "3dafed59-ef7c-43fc-814c-a17c832b319f" | ||||
| 401 | }, | ||||
| 402 | { | ||||
| 403 | "category": "Physical and environment security", | ||||
| 404 | "code": "6.8.1.2", | ||||
| 405 | "label": "Physical entry controls", | ||||
| 406 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 407 | "referential_label": "ISO 27701", | ||||
| 408 | "uuid": "3f68a76b-6c1d-4fcb-952e-c2e9de3d9363" | ||||
| 409 | }, | ||||
| 410 | { | ||||
| 411 | "category": "Support", | ||||
| 412 | "code": "5.5.2", | ||||
| 413 | "label": "Competence", | ||||
| 414 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 415 | "referential_label": "ISO 27701", | ||||
| 416 | "uuid": "3fa8deba-8222-473b-b966-dff98dd64a3e" | ||||
| 417 | }, | ||||
| 418 | { | ||||
| 419 | "category": "Human resources security", | ||||
| 420 | "code": "6.4.1.1", | ||||
| 421 | "label": "Screening", | ||||
| 422 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 423 | "referential_label": "ISO 27701", | ||||
| 424 | "uuid": "40d912e5-c0d5-44c6-90eb-bdd3a9f7d5c4" | ||||
| 425 | }, | ||||
| 426 | { | ||||
| 427 | "category": "Obligations to PII principals", | ||||
| 428 | "code": "A.7.3.8", | ||||
| 429 | "label": "Providing copy of PII processed", | ||||
| 430 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 431 | "referential_label": "ISO 27701", | ||||
| 432 | "uuid": "442e6409-082e-4613-b000-49d141240fc5" | ||||
| 433 | }, | ||||
| 434 | { | ||||
| 435 | "category": "Systems acquisition development and maintenance", | ||||
| 436 | "code": "6.11.2.3", | ||||
| 437 | "label": "Technical review of applications after operating platform changes", | ||||
| 438 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 439 | "referential_label": "ISO 27701", | ||||
| 440 | "uuid": "4607f451-23b6-40ed-89f2-71cb91a4d282" | ||||
| 441 | }, | ||||
| 442 | { | ||||
| 443 | "category": "Support", | ||||
| 444 | "code": "5.5.5.2", | ||||
| 445 | "label": "Creating and updating", | ||||
| 446 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 447 | "referential_label": "ISO 27701", | ||||
| 448 | "uuid": "4630e54e-2bfb-462e-b88d-4392efe7f276" | ||||
| 449 | }, | ||||
| 450 | { | ||||
| 451 | "category": "Support", | ||||
| 452 | "code": "5.5.3", | ||||
| 453 | "label": "Awareness", | ||||
| 454 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 455 | "referential_label": "ISO 27701", | ||||
| 456 | "uuid": "466033e1-6c60-4db2-bf61-ebcae6645a0b" | ||||
| 457 | }, | ||||
| 458 | { | ||||
| 459 | "category": "Operation", | ||||
| 460 | "code": "5.6.2", | ||||
| 461 | "label": "Information security risk assessment", | ||||
| 462 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 463 | "referential_label": "ISO 27701", | ||||
| 464 | "uuid": "4c9f0ab8-778b-4c94-aea9-68921b5ad148" | ||||
| 465 | }, | ||||
| 466 | { | ||||
| 467 | "category": "Communication security", | ||||
| 468 | "code": "6.10.2.2", | ||||
| 469 | "label": "Agreements on information transfer", | ||||
| 470 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 471 | "referential_label": "ISO 27701", | ||||
| 472 | "uuid": "4cfd17b6-5841-4fa7-8d3b-227af4d3b652" | ||||
| 473 | }, | ||||
| 474 | { | ||||
| 475 | "category": "Context of the organization", | ||||
| 476 | "code": "5.2.1", | ||||
| 477 | "label": "Understanding the organization and its context", | ||||
| 478 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 479 | "referential_label": "ISO 27701", | ||||
| 480 | "uuid": "514811fc-ca1a-49be-89cc-57f0042a77aa" | ||||
| 481 | }, | ||||
| 482 | { | ||||
| 483 | "category": "Cryptography", | ||||
| 484 | "code": "6.7.1.1", | ||||
| 485 | "label": "Policy on the use of cryptographic controls", | ||||
| 486 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 487 | "referential_label": "ISO 27701", | ||||
| 488 | "uuid": "53e91bf7-76ed-4cb8-b308-21f1dbd52aa3" | ||||
| 489 | }, | ||||
| 490 | { | ||||
| 491 | "category": "Information security incident management", | ||||
| 492 | "code": "6.13.1.2", | ||||
| 493 | "label": "Reporting information security events", | ||||
| 494 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 495 | "referential_label": "ISO 27701", | ||||
| 496 | "uuid": "54d38b77-2e5c-4c4e-b47b-b936518e8094" | ||||
| 497 | }, | ||||
| 498 | { | ||||
| 499 | "category": "Access control", | ||||
| 500 | "code": "6.6.3.1", | ||||
| 501 | "label": "Use of secret authentication information", | ||||
| 502 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 503 | "referential_label": "ISO 27701", | ||||
| 504 | "uuid": "55f0123d-1c82-4352-8700-03a66e9d72fc" | ||||
| 505 | }, | ||||
| 506 | { | ||||
| 507 | "category": "Privacy by design and privacy by default", | ||||
| 508 | "code": "A.7.4.5", | ||||
| 509 | "label": "PII de-identification and deletion at the end of processing", | ||||
| 510 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 511 | "referential_label": "ISO 27701", | ||||
| 512 | "uuid": "56844655-7f50-46ec-bfc1-6d40fa74b31b" | ||||
| 513 | }, | ||||
| 514 | { | ||||
| 515 | "category": "PII sharing transfer and disclosure", | ||||
| 516 | "code": "B.8.5.5", | ||||
| 517 | "label": "Legally binding PII disclosures", | ||||
| 518 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 519 | "referential_label": "ISO 27701", | ||||
| 520 | "uuid": "56dc629e-506a-4502-b42d-a49e72ed7ec9" | ||||
| 521 | }, | ||||
| 522 | { | ||||
| 523 | "category": "Physical and environment security", | ||||
| 524 | "code": "6.8.1.5", | ||||
| 525 | "label": "Working in secure areas", | ||||
| 526 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 527 | "referential_label": "ISO 27701", | ||||
| 528 | "uuid": "58c52280-09b2-4c91-ab59-eb995f5688fd" | ||||
| 529 | }, | ||||
| 530 | { | ||||
| 531 | "category": "Access control", | ||||
| 532 | "code": "6.6.1.1", | ||||
| 533 | "label": "Access control policy", | ||||
| 534 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 535 | "referential_label": "ISO 27701", | ||||
| 536 | "uuid": "5cdeff98-2016-4d39-858e-3fc915185b52" | ||||
| 537 | }, | ||||
| 538 | { | ||||
| 539 | "category": "Organisation of information security", | ||||
| 540 | "code": "6.3.1.1", | ||||
| 541 | "label": "Information security roles and responsibilities", | ||||
| 542 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 543 | "referential_label": "ISO 27701", | ||||
| 544 | "uuid": "64cdbec6-e81c-4baf-92bf-1ce53cf3d8b2" | ||||
| 545 | }, | ||||
| 546 | { | ||||
| 547 | "category": "Support", | ||||
| 548 | "code": "5.5.5.1", | ||||
| 549 | "label": "General", | ||||
| 550 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 551 | "referential_label": "ISO 27701", | ||||
| 552 | "uuid": "65f112a9-3b20-4f18-950b-085d0be3f114" | ||||
| 553 | }, | ||||
| 554 | { | ||||
| 555 | "category": "Operations security", | ||||
| 556 | "code": "6.9.6.2", | ||||
| 557 | "label": "Restrictions on software installation", | ||||
| 558 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 559 | "referential_label": "ISO 27701", | ||||
| 560 | "uuid": "66d4273e-98cd-4d08-9acb-08ba787db13a" | ||||
| 561 | }, | ||||
| 562 | { | ||||
| 563 | "category": "Support", | ||||
| 564 | "code": "5.5.5.3", | ||||
| 565 | "label": "Control of documented information", | ||||
| 566 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 567 | "referential_label": "ISO 27701", | ||||
| 568 | "uuid": "6780dda7-2c33-496b-81e3-9d868f47b61d" | ||||
| 569 | }, | ||||
| 570 | { | ||||
| 571 | "category": "Physical and environment security", | ||||
| 572 | "code": "6.8.2.9", | ||||
| 573 | "label": "Clear desk and clear screen policy", | ||||
| 574 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 575 | "referential_label": "ISO 27701", | ||||
| 576 | "uuid": "67d95c58-fdf0-439d-8ce6-277238136141" | ||||
| 577 | }, | ||||
| 578 | { | ||||
| 579 | "category": "Operations security", | ||||
| 580 | "code": "6.9.5.1", | ||||
| 581 | "label": "Installation of software on operational systems", | ||||
| 582 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 583 | "referential_label": "ISO 27701", | ||||
| 584 | "uuid": "6a78d184-cc44-461e-af3d-3ebc8380b78f" | ||||
| 585 | }, | ||||
| 586 | { | ||||
| 587 | "category": "Systems acquisition development and maintenance", | ||||
| 588 | "code": "6.11.2.7", | ||||
| 589 | "label": "Outsourced development", | ||||
| 590 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 591 | "referential_label": "ISO 27701", | ||||
| 592 | "uuid": "6ac5a193-c021-4df4-abd1-bb0aed4af36a" | ||||
| 593 | }, | ||||
| 594 | { | ||||
| 595 | "category": "Information security incident management", | ||||
| 596 | "code": "6.13.1.4", | ||||
| 597 | "label": "Assessment of and decision on information security events", | ||||
| 598 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 599 | "referential_label": "ISO 27701", | ||||
| 600 | "uuid": "6c50d8a4-6793-479b-84af-f3cf94fe4102" | ||||
| 601 | }, | ||||
| 602 | { | ||||
| 603 | "category": "Information security incident management", | ||||
| 604 | "code": "6.13.1.3", | ||||
| 605 | "label": "Reporting information security weaknesses", | ||||
| 606 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 607 | "referential_label": "ISO 27701", | ||||
| 608 | "uuid": "6dd7fb16-a5f8-4722-9197-bf198327ed8b" | ||||
| 609 | }, | ||||
| 610 | { | ||||
| 611 | "category": "Human resources security", | ||||
| 612 | "code": "6.4.2.1", | ||||
| 613 | "label": "Management responsibilities", | ||||
| 614 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 615 | "referential_label": "ISO 27701", | ||||
| 616 | "uuid": "6ddcd365-eeca-473d-b9ad-03726ae858d8" | ||||
| 617 | }, | ||||
| 618 | { | ||||
| 619 | "category": "Privacy by design and privacy by default", | ||||
| 620 | "code": "A.7.4.3", | ||||
| 621 | "label": "Accuracy and quality", | ||||
| 622 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 623 | "referential_label": "ISO 27701", | ||||
| 624 | "uuid": "6ee51d2e-83fe-4198-8118-dc7db98515b1" | ||||
| 625 | }, | ||||
| 626 | { | ||||
| 627 | "category": "Operations security", | ||||
| 628 | "code": "6.9.1.1", | ||||
| 629 | "label": "Documented operating procedures", | ||||
| 630 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 631 | "referential_label": "ISO 27701", | ||||
| 632 | "uuid": "70a53056-137e-429a-9483-0a2e92a24fac" | ||||
| 633 | }, | ||||
| 634 | { | ||||
| 635 | "category": "Asset Management", | ||||
| 636 | "code": "6.5.3.3", | ||||
| 637 | "label": "Physical media transfer", | ||||
| 638 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 639 | "referential_label": "ISO 27701", | ||||
| 640 | "uuid": "71761dbc-aea1-4d01-b09d-abe2e67c4f1a" | ||||
| 641 | }, | ||||
| 642 | { | ||||
| 643 | "category": "Access control", | ||||
| 644 | "code": "6.6.4.4", | ||||
| 645 | "label": "Use of privileged utility programs", | ||||
| 646 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 647 | "referential_label": "ISO 27701", | ||||
| 648 | "uuid": "719158a7-c965-46e2-bed9-d273925a3fdd" | ||||
| 649 | }, | ||||
| 650 | { | ||||
| 651 | "category": "Operations security", | ||||
| 652 | "code": "6.9.4.3", | ||||
| 653 | "label": "Administrator and operator logs", | ||||
| 654 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 655 | "referential_label": "ISO 27701", | ||||
| 656 | "uuid": "7405dca3-2282-47e2-ac19-1992ff0a0228" | ||||
| 657 | }, | ||||
| 658 | { | ||||
| 659 | "category": "Operations security", | ||||
| 660 | "code": "6.9.1.4", | ||||
| 661 | "label": "Separation of development testing and operational environments", | ||||
| 662 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 663 | "referential_label": "ISO 27701", | ||||
| 664 | "uuid": "777d9c77-1093-4a4f-9c1f-ff9db9aa96c1" | ||||
| 665 | }, | ||||
| 666 | { | ||||
| 667 | "category": "Physical and environment security", | ||||
| 668 | "code": "6.8.2.4", | ||||
| 669 | "label": "Equipment maintenance", | ||||
| 670 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 671 | "referential_label": "ISO 27701", | ||||
| 672 | "uuid": "77d78b64-a53d-4a62-9b00-7bc4c6df5d99" | ||||
| 673 | }, | ||||
| 674 | { | ||||
| 675 | "category": "Performance Evaluation", | ||||
| 676 | "code": "5.7.1", | ||||
| 677 | "label": "Monitoring measurement analysis and evaluation", | ||||
| 678 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 679 | "referential_label": "ISO 27701", | ||||
| 680 | "uuid": "78bae82d-72d6-4b22-abc1-d49747a6dbad" | ||||
| 681 | }, | ||||
| 682 | { | ||||
| 683 | "category": "Systems acquisition development and maintenance", | ||||
| 684 | "code": "6.11.1.1", | ||||
| 685 | "label": "Information security requirements analysis and specification", | ||||
| 686 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 687 | "referential_label": "ISO 27701", | ||||
| 688 | "uuid": "7b804877-23cc-4f04-9979-8b6f985d04b9" | ||||
| 689 | }, | ||||
| 690 | { | ||||
| 691 | "category": "Performance Evaluation", | ||||
| 692 | "code": "5.7.2", | ||||
| 693 | "label": "Internal audit", | ||||
| 694 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 695 | "referential_label": "ISO 27701", | ||||
| 696 | "uuid": "7b8aa5d2-9afa-4e76-a038-1bb4f169fc23" | ||||
| 697 | }, | ||||
| 698 | { | ||||
| 699 | "category": "Privacy by design and privacy by default", | ||||
| 700 | "code": "A.7.4.1", | ||||
| 701 | "label": "Limit collection", | ||||
| 702 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 703 | "referential_label": "ISO 27701", | ||||
| 704 | "uuid": "7bc37de2-8b17-4965-980c-94260e7c84c9" | ||||
| 705 | }, | ||||
| 706 | { | ||||
| 707 | "category": "Communication security", | ||||
| 708 | "code": "6.10.2.4", | ||||
| 709 | "label": "Confidentiality or non-disclosure agreements", | ||||
| 710 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 711 | "referential_label": "ISO 27701", | ||||
| 712 | "uuid": "7fab270e-33dc-4df8-853b-770b47ed8b67" | ||||
| 713 | }, | ||||
| 714 | { | ||||
| 715 | "category": "Information security incident management", | ||||
| 716 | "code": "6.13.1.6", | ||||
| 717 | "label": "Learning from information security incidents", | ||||
| 718 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 719 | "referential_label": "ISO 27701", | ||||
| 720 | "uuid": "805044a1-7f8c-40b4-9a29-5a9724624a69" | ||||
| 721 | }, | ||||
| 722 | { | ||||
| 723 | "category": "Asset Management", | ||||
| 724 | "code": "6.5.3.2", | ||||
| 725 | "label": "Disposal of media", | ||||
| 726 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 727 | "referential_label": "ISO 27701", | ||||
| 728 | "uuid": "8247018f-5966-4fa1-86ed-74f89a17752d" | ||||
| 729 | }, | ||||
| 730 | { | ||||
| 731 | "category": "Access control", | ||||
| 732 | "code": "6.6.4.1", | ||||
| 733 | "label": "Information access restriction", | ||||
| 734 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 735 | "referential_label": "ISO 27701", | ||||
| 736 | "uuid": "84f2f3dc-54c0-4b96-8d27-8f2ae47a2964" | ||||
| 737 | }, | ||||
| 738 | { | ||||
| 739 | "category": "Compliance", | ||||
| 740 | "code": "6.15.2.3", | ||||
| 741 | "label": "Technical compliance review", | ||||
| 742 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 743 | "referential_label": "ISO 27701", | ||||
| 744 | "uuid": "853373dc-8dc4-451e-b100-55d42aee4ffe" | ||||
| 745 | }, | ||||
| 746 | { | ||||
| 747 | "category": "Asset Management", | ||||
| 748 | "code": "6.5.1.3", | ||||
| 749 | "label": "Acceptable Use of Assets", | ||||
| 750 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 751 | "referential_label": "ISO 27701", | ||||
| 752 | "uuid": "85b65a44-6cca-498f-ab76-1079d0bdfadc" | ||||
| 753 | }, | ||||
| 754 | { | ||||
| 755 | "category": "Conditions for collection and processing", | ||||
| 756 | "code": "B.8.2.3", | ||||
| 757 | "label": "Marketing and advertising use", | ||||
| 758 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 759 | "referential_label": "ISO 27701", | ||||
| 760 | "uuid": "8862ca92-f431-48c6-b565-fd5fb9aa46d8" | ||||
| 761 | }, | ||||
| 762 | { | ||||
| 763 | "category": "Organisation of information security", | ||||
| 764 | "code": "6.3.2.2", | ||||
| 765 | "label": "Teleworking", | ||||
| 766 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 767 | "referential_label": "ISO 27701", | ||||
| 768 | "uuid": "8bb579d1-e9c6-4883-92a9-185cb3987b66" | ||||
| 769 | }, | ||||
| 770 | { | ||||
| 771 | "category": "Leadership", | ||||
| 772 | "code": "5.3.1", | ||||
| 773 | "label": "Leadership and commitment", | ||||
| 774 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 775 | "referential_label": "ISO 27701", | ||||
| 776 | "uuid": "8d3a8ce7-3c35-4aed-8143-32f5d2279054" | ||||
| 777 | }, | ||||
| 778 | { | ||||
| 779 | "category": "Leadership", | ||||
| 780 | "code": "5.3.2", | ||||
| 781 | "label": "Policy", | ||||
| 782 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 783 | "referential_label": "ISO 27701", | ||||
| 784 | "uuid": "8d6462fd-5a10-4847-92d1-da2585439e5e" | ||||
| 785 | }, | ||||
| 786 | { | ||||
| 787 | "category": "Privacy by design and privacy by default", | ||||
| 788 | "code": "A.7.4.4", | ||||
| 789 | "label": "PII minimization objectives", | ||||
| 790 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 791 | "referential_label": "ISO 27701", | ||||
| 792 | "uuid": "8e26c999-8f20-4cfc-8682-3d14c4d8315d" | ||||
| 793 | }, | ||||
| 794 | { | ||||
| 795 | "category": "Conditions for collection and processing", | ||||
| 796 | "code": "A.7.2.8", | ||||
| 797 | "label": "Records related to processing PII", | ||||
| 798 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 799 | "referential_label": "ISO 27701", | ||||
| 800 | "uuid": "8e697e5d-c974-44eb-b973-d6c8ba916725" | ||||
| 801 | }, | ||||
| 802 | { | ||||
| 803 | "category": "Asset Management", | ||||
| 804 | "code": "6.5.2.3", | ||||
| 805 | "label": "Handling of Assets", | ||||
| 806 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 807 | "referential_label": "ISO 27701", | ||||
| 808 | "uuid": "8f246d95-7e65-4fdf-a9bd-a567e537843e" | ||||
| 809 | }, | ||||
| 810 | { | ||||
| 811 | "category": "Context of the organization", | ||||
| 812 | "code": "5.2.2", | ||||
| 813 | "label": "Understanding the needs and expectations of interested parties", | ||||
| 814 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 815 | "referential_label": "ISO 27701", | ||||
| 816 | "uuid": "8f6ef571-4efe-4df1-bca5-92af7e966240" | ||||
| 817 | }, | ||||
| 818 | { | ||||
| 819 | "category": "Systems acquisition development and maintenance", | ||||
| 820 | "code": "6.11.2.1", | ||||
| 821 | "label": "Secure development policy", | ||||
| 822 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 823 | "referential_label": "ISO 27701", | ||||
| 824 | "uuid": "8fa447dd-b5e2-4be0-9784-4386ba03abf5" | ||||
| 825 | }, | ||||
| 826 | { | ||||
| 827 | "category": "Asset Management", | ||||
| 828 | "code": "6.5.2.1", | ||||
| 829 | "label": "Classification of information", | ||||
| 830 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 831 | "referential_label": "ISO 27701", | ||||
| 832 | "uuid": "91bd3542-b178-4c2e-a62e-ba5d37360ca4" | ||||
| 833 | }, | ||||
| 834 | { | ||||
| 835 | "category": "Systems acquisition development and maintenance", | ||||
| 836 | "code": "6.11.1.3", | ||||
| 837 | "label": "Protecting application services transactions", | ||||
| 838 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 839 | "referential_label": "ISO 27701", | ||||
| 840 | "uuid": "92cc1326-12da-4199-b805-9dfb5a6f5870" | ||||
| 841 | }, | ||||
| 842 | { | ||||
| 843 | "category": "Supplier relationships", | ||||
| 844 | "code": "6.12.2.2", | ||||
| 845 | "label": "Managing changes to supplier services", | ||||
| 846 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 847 | "referential_label": "ISO 27701", | ||||
| 848 | "uuid": "94aa96fa-a2fa-4507-bec5-05fe0db41b9f" | ||||
| 849 | }, | ||||
| 850 | { | ||||
| 851 | "category": "Information security objectives and planning to achieve them", | ||||
| 852 | "code": "5.4.2", | ||||
| 853 | "label": "Information security objectives and planning to achieve them", | ||||
| 854 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 855 | "referential_label": "ISO 27701", | ||||
| 856 | "uuid": "9a30e1ba-93d3-4e96-b8d9-663f2720e90a" | ||||
| 857 | }, | ||||
| 858 | { | ||||
| 859 | "category": "PII sharing transfer and disclosure", | ||||
| 860 | "code": "B.8.5.3", | ||||
| 861 | "label": "Records of PII disclosure to third parties", | ||||
| 862 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 863 | "referential_label": "ISO 27701", | ||||
| 864 | "uuid": "9b1c4774-db02-4e14-9b1b-c4fc81438413" | ||||
| 865 | }, | ||||
| 866 | { | ||||
| 867 | "category": "Access control", | ||||
| 868 | "code": "6.6.2.3", | ||||
| 869 | "label": "Management of privileged access rights", | ||||
| 870 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 871 | "referential_label": "ISO 27701", | ||||
| 872 | "uuid": "9bb3a441-d077-49a3-a20f-c91f431104e3" | ||||
| 873 | }, | ||||
| 874 | { | ||||
| 875 | "category": "PII sharing transfer and disclosure", | ||||
| 876 | "code": "A.7.5.2", | ||||
| 877 | "label": "Countries and international organizations to which PII can be transferred", | ||||
| 878 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 879 | "referential_label": "ISO 27701", | ||||
| 880 | "uuid": "9cc453f9-ec65-4091-b72f-c4411023de64" | ||||
| 881 | }, | ||||
| 882 | { | ||||
| 883 | "category": "Supplier relationships", | ||||
| 884 | "code": "6.12.1.3", | ||||
| 885 | "label": "Information and communication technology supply chain", | ||||
| 886 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 887 | "referential_label": "ISO 27701", | ||||
| 888 | "uuid": "9d3cc972-695b-4700-b0ad-a53891329322" | ||||
| 889 | }, | ||||
| 890 | { | ||||
| 891 | "category": "Cryptography", | ||||
| 892 | "code": "6.7.1.2", | ||||
| 893 | "label": "Key management", | ||||
| 894 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 895 | "referential_label": "ISO 27701", | ||||
| 896 | "uuid": "9eac1198-8099-4b6c-931c-f59fbc2ec30e" | ||||
| 897 | }, | ||||
| 898 | { | ||||
| 899 | "category": "Human resources security", | ||||
| 900 | "code": "6.4.2.3", | ||||
| 901 | "label": "Disciplinary procedures", | ||||
| 902 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 903 | "referential_label": "ISO 27701", | ||||
| 904 | "uuid": "9f509e16-fd65-4121-8144-c2403c924dfb" | ||||
| 905 | }, | ||||
| 906 | { | ||||
| 907 | "category": "PII sharing transfer and disclosure", | ||||
| 908 | "code": "B.8.5.6", | ||||
| 909 | "label": "Disclosure of subcontractors used to process PII", | ||||
| 910 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 911 | "referential_label": "ISO 27701", | ||||
| 912 | "uuid": "a0091b82-4864-49dc-a885-a27cd933d4aa" | ||||
| 913 | }, | ||||
| 914 | { | ||||
| 915 | "category": "Operations security", | ||||
| 916 | "code": "6.9.2.1", | ||||
| 917 | "label": "Controls against malware", | ||||
| 918 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 919 | "referential_label": "ISO 27701", | ||||
| 920 | "uuid": "a0494662-1835-44f8-b600-df2d2bcdaf7f" | ||||
| 921 | }, | ||||
| 922 | { | ||||
| 923 | "category": "Obligations to PII principals", | ||||
| 924 | "code": "A.7.3.6", | ||||
| 925 | "label": "Access correction and/or erasure", | ||||
| 926 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 927 | "referential_label": "ISO 27701", | ||||
| 928 | "uuid": "a1141b2f-868c-4c8c-bb32-911732b9adf9" | ||||
| 929 | }, | ||||
| 930 | { | ||||
| 931 | "category": "Leadership", | ||||
| 932 | "code": "5.3.3", | ||||
| 933 | "label": "Organizational roles responsibilities and authorities", | ||||
| 934 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 935 | "referential_label": "ISO 27701", | ||||
| 936 | "uuid": "a3a2049e-f29c-4bae-9c23-d791feba7e0e" | ||||
| 937 | }, | ||||
| 938 | { | ||||
| 939 | "category": "Support", | ||||
| 940 | "code": "5.5.4", | ||||
| 941 | "label": "Communication", | ||||
| 942 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 943 | "referential_label": "ISO 27701", | ||||
| 944 | "uuid": "a3d0ca70-89d8-4e54-9ced-20159cf4e3bd" | ||||
| 945 | }, | ||||
| 946 | { | ||||
| 947 | "category": "Compliance", | ||||
| 948 | "code": "6.15.1.3", | ||||
| 949 | "label": "Protection of records", | ||||
| 950 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 951 | "referential_label": "ISO 27701", | ||||
| 952 | "uuid": "a66fa2a1-6237-4552-abd5-be6df3856d09" | ||||
| 953 | }, | ||||
| 954 | { | ||||
| 955 | "category": "Access control", | ||||
| 956 | "code": "6.6.4.3", | ||||
| 957 | "label": "Password management system", | ||||
| 958 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 959 | "referential_label": "ISO 27701", | ||||
| 960 | "uuid": "a681fb35-04d6-4adc-bde8-b044a26c970d" | ||||
| 961 | }, | ||||
| 962 | { | ||||
| 963 | "category": "Compliance", | ||||
| 964 | "code": "6.15.1.4", | ||||
| 965 | "label": "Privacy and protection of personally identifiable information", | ||||
| 966 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 967 | "referential_label": "ISO 27701", | ||||
| 968 | "uuid": "a77afead-e763-41a6-a803-af6b3d0a2cb2" | ||||
| 969 | }, | ||||
| 970 | { | ||||
| 971 | "category": "Supplier relationships", | ||||
| 972 | "code": "6.12.1.2", | ||||
| 973 | "label": "Addressing security within supplier agreements", | ||||
| 974 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 975 | "referential_label": "ISO 27701", | ||||
| 976 | "uuid": "a793e4bc-6bd9-49a4-8c4b-4933dc7d2238" | ||||
| 977 | }, | ||||
| 978 | { | ||||
| 979 | "category": "Information security aspects of business continuity management", | ||||
| 980 | "code": "6.14.1.2", | ||||
| 981 | "label": "Implementing information security continuity", | ||||
| 982 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 983 | "referential_label": "ISO 27701", | ||||
| 984 | "uuid": "a86710e7-c5bf-4fa7-a311-8757ab2b801b" | ||||
| 985 | }, | ||||
| 986 | { | ||||
| 987 | "category": "Operations security", | ||||
| 988 | "code": "6.9.4.1", | ||||
| 989 | "label": "Event logging", | ||||
| 990 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 991 | "referential_label": "ISO 27701", | ||||
| 992 | "uuid": "a87901f1-5d34-46af-afc7-0375e59721f6" | ||||
| 993 | }, | ||||
| 994 | { | ||||
| 995 | "category": "Supplier relationships", | ||||
| 996 | "code": "6.12.1.1", | ||||
| 997 | "label": "Information security policy for supplier relationships", | ||||
| 998 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 999 | "referential_label": "ISO 27701", | ||||
| 1000 | "uuid": "a943f47f-6996-4490-b45d-9c427942c0a7" | ||||
| 1001 | }, | ||||
| 1002 | { | ||||
| 1003 | "category": "Conditions for collection and processing", | ||||
| 1004 | "code": "B.8.2.2", | ||||
| 1005 | "label": "Organization's purposes", | ||||
| 1006 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1007 | "referential_label": "ISO 27701", | ||||
| 1008 | "uuid": "a9d08b54-382a-4116-93a0-39d34495c711" | ||||
| 1009 | }, | ||||
| 1010 | { | ||||
| 1011 | "category": "Systems acquisition development and maintenance", | ||||
| 1012 | "code": "6.11.2.5", | ||||
| 1013 | "label": "Secure systems engineering principles", | ||||
| 1014 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1015 | "referential_label": "ISO 27701", | ||||
| 1016 | "uuid": "af4c64b8-fc6e-4bd7-8679-3cc0d3c31480" | ||||
| 1017 | }, | ||||
| 1018 | { | ||||
| 1019 | "category": "Obligations to PII principals", | ||||
| 1020 | "code": "A.7.3.9", | ||||
| 1021 | "label": "Handling requests", | ||||
| 1022 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1023 | "referential_label": "ISO 27701", | ||||
| 1024 | "uuid": "b00f4fa5-5643-4b69-8d58-377007ed3696" | ||||
| 1025 | }, | ||||
| 1026 | { | ||||
| 1027 | "category": "Conditions for collection and processing", | ||||
| 1028 | "code": "B.8.2.4", | ||||
| 1029 | "label": "Infringing instruction", | ||||
| 1030 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1031 | "referential_label": "ISO 27701", | ||||
| 1032 | "uuid": "b1bfc4bc-db05-4d94-9273-382562faefcd" | ||||
| 1033 | }, | ||||
| 1034 | { | ||||
| 1035 | "category": "Obligations to PII principals", | ||||
| 1036 | "code": "A.7.3.7", | ||||
| 1037 | "label": "PII controllers' obligations to inform third parties", | ||||
| 1038 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1039 | "referential_label": "ISO 27701", | ||||
| 1040 | "uuid": "b40b6f97-5f9b-4f0e-ae6f-317172cd942b" | ||||
| 1041 | }, | ||||
| 1042 | { | ||||
| 1043 | "category": "Operations security", | ||||
| 1044 | "code": "6.9.3.1", | ||||
| 1045 | "label": "Information backup", | ||||
| 1046 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1047 | "referential_label": "ISO 27701", | ||||
| 1048 | "uuid": "b44c628f-e837-44d0-8392-8f936f8e86e4" | ||||
| 1049 | }, | ||||
| 1050 | { | ||||
| 1051 | "category": "Obligations to PII principals", | ||||
| 1052 | "code": "A.7.3.3", | ||||
| 1053 | "label": "Providing information to PII principals", | ||||
| 1054 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1055 | "referential_label": "ISO 27701", | ||||
| 1056 | "uuid": "b455a728-91ac-4a9e-bb29-ecd4505fa37b" | ||||
| 1057 | }, | ||||
| 1058 | { | ||||
| 1059 | "category": "Conditions for collection and processing", | ||||
| 1060 | "code": "A.7.2.5", | ||||
| 1061 | "label": "Privacy impactassessment", | ||||
| 1062 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1063 | "referential_label": "ISO 27701", | ||||
| 1064 | "uuid": "b476a2b4-7eee-4e79-8910-d9e309d8c759" | ||||
| 1065 | }, | ||||
| 1066 | { | ||||
| 1067 | "category": "Physical and environment security", | ||||
| 1068 | "code": "6.8.1.6", | ||||
| 1069 | "label": "Delivery and loading areas", | ||||
| 1070 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1071 | "referential_label": "ISO 27701", | ||||
| 1072 | "uuid": "b570b846-c1fb-4a9d-8f79-5dac6e4e5d87" | ||||
| 1073 | }, | ||||
| 1074 | { | ||||
| 1075 | "category": "Operations security", | ||||
| 1076 | "code": "6.9.6.1", | ||||
| 1077 | "label": "Management of technical vulnerabilities", | ||||
| 1078 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1079 | "referential_label": "ISO 27701", | ||||
| 1080 | "uuid": "b5c16404-bcfc-4756-8e42-8ba590803215" | ||||
| 1081 | }, | ||||
| 1082 | { | ||||
| 1083 | "category": "Obligations to PII principals", | ||||
| 1084 | "code": "A.7.3.1", | ||||
| 1085 | "label": "Determining and fulfilling obligations to PII principals", | ||||
| 1086 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1087 | "referential_label": "ISO 27701", | ||||
| 1088 | "uuid": "bca25a95-8ac6-4b8f-857a-e7ceb72101dd" | ||||
| 1089 | }, | ||||
| 1090 | { | ||||
| 1091 | "category": "Performance Evaluation", | ||||
| 1092 | "code": "5.7.3", | ||||
| 1093 | "label": "Management review", | ||||
| 1094 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1095 | "referential_label": "ISO 27701", | ||||
| 1096 | "uuid": "bd47b036-1585-4f1f-a648-66f681971779" | ||||
| 1097 | }, | ||||
| 1098 | { | ||||
| 1099 | "category": "Access control", | ||||
| 1100 | "code": "6.6.2.5", | ||||
| 1101 | "label": "Review of user access rights", | ||||
| 1102 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1103 | "referential_label": "ISO 27701", | ||||
| 1104 | "uuid": "bef5cb25-c14c-473a-b987-1faad4c6be6e" | ||||
| 1105 | }, | ||||
| 1106 | { | ||||
| 1107 | "category": "Obligations to PII principals", | ||||
| 1108 | "code": "A.7.3.4", | ||||
| 1109 | "label": "Providing mechanism to modify or withdraw consent", | ||||
| 1110 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1111 | "referential_label": "ISO 27701", | ||||
| 1112 | "uuid": "c0b08efb-ff1b-4c47-8cb6-c78860818c90" | ||||
| 1113 | }, | ||||
| 1114 | { | ||||
| 1115 | "category": "Obligations to PII principals", | ||||
| 1116 | "code": "A.7.3.10", | ||||
| 1117 | "label": "Automated decision making", | ||||
| 1118 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1119 | "referential_label": "ISO 27701", | ||||
| 1120 | "uuid": "c1301d3d-096c-412b-9fc4-80bf6bd2ce4c" | ||||
| 1121 | }, | ||||
| 1122 | { | ||||
| 1123 | "category": "PII sharing transfer and disclosure", | ||||
| 1124 | "code": "A.7.5.1", | ||||
| 1125 | "label": "Identify basis for PII transfer between jurisdictions", | ||||
| 1126 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1127 | "referential_label": "ISO 27701", | ||||
| 1128 | "uuid": "c1975c78-d5c7-4294-b794-7bf70c443cdf" | ||||
| 1129 | }, | ||||
| 1130 | { | ||||
| 1131 | "category": "Supplier relationships", | ||||
| 1132 | "code": "6.12.2.1", | ||||
| 1133 | "label": "Monitoring and review of supplier services", | ||||
| 1134 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1135 | "referential_label": "ISO 27701", | ||||
| 1136 | "uuid": "c293ea96-ba7c-4c2c-b8f2-34b2fd13c6b7" | ||||
| 1137 | }, | ||||
| 1138 | { | ||||
| 1139 | "category": "Conditions for collection and processing", | ||||
| 1140 | "code": "A.7.2.2", | ||||
| 1141 | "label": "Identify lawful basis", | ||||
| 1142 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1143 | "referential_label": "ISO 27701", | ||||
| 1144 | "uuid": "c4709dc0-24a8-4e1d-962c-2fafb958de37" | ||||
| 1145 | }, | ||||
| 1146 | { | ||||
| 1147 | "category": "Actions to address risks and opportunities", | ||||
| 1148 | "code": "5.4.1.1", | ||||
| 1149 | "label": "Actions to address risks and opportunities - General", | ||||
| 1150 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1151 | "referential_label": "ISO 27701", | ||||
| 1152 | "uuid": "c4d6e81f-91e4-4c90-afa2-433afaad05f4" | ||||
| 1153 | }, | ||||
| 1154 | { | ||||
| 1155 | "category": "Organisation of information security", | ||||
| 1156 | "code": "6.3.2.1", | ||||
| 1157 | "label": "Mobile device policy", | ||||
| 1158 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1159 | "referential_label": "ISO 27701", | ||||
| 1160 | "uuid": "c690cf3c-e020-450d-865e-32fdc36a609f" | ||||
| 1161 | }, | ||||
| 1162 | { | ||||
| 1163 | "category": "Physical and environment security", | ||||
| 1164 | "code": "6.8.2.7", | ||||
| 1165 | "label": "Secure disposal or re-use of equipment", | ||||
| 1166 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1167 | "referential_label": "ISO 27701", | ||||
| 1168 | "uuid": "c6923895-042d-4e83-bd6e-9195e74e3188" | ||||
| 1169 | }, | ||||
| 1170 | { | ||||
| 1171 | "category": "Physical and environment security", | ||||
| 1172 | "code": "6.8.1.1", | ||||
| 1173 | "label": "Physical security perimeter", | ||||
| 1174 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1175 | "referential_label": "ISO 27701", | ||||
| 1176 | "uuid": "c7790c91-5a58-4d1f-9df1-942d4a3ef273" | ||||
| 1177 | }, | ||||
| 1178 | { | ||||
| 1179 | "category": "Operations security", | ||||
| 1180 | "code": "6.9.7.1", | ||||
| 1181 | "label": "Information systems audit controls", | ||||
| 1182 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1183 | "referential_label": "ISO 27701", | ||||
| 1184 | "uuid": "c8ec4174-841c-4de4-9685-342e1933351c" | ||||
| 1185 | }, | ||||
| 1186 | { | ||||
| 1187 | "category": "PII sharing transfer and disclosure", | ||||
| 1188 | "code": "A.7.5.3", | ||||
| 1189 | "label": "Records of transfer of PII", | ||||
| 1190 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1191 | "referential_label": "ISO 27701", | ||||
| 1192 | "uuid": "c8feff26-b7e6-4fc0-8067-978ab64f096e" | ||||
| 1193 | }, | ||||
| 1194 | { | ||||
| 1195 | "category": "Privacy by design and privacy by default", | ||||
| 1196 | "code": "A.7.4.9", | ||||
| 1197 | "label": "PII transmission controls", | ||||
| 1198 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1199 | "referential_label": "ISO 27701", | ||||
| 1200 | "uuid": "cc79433d-bd1b-40eb-9960-5fae6ee09216" | ||||
| 1201 | }, | ||||
| 1202 | { | ||||
| 1203 | "category": "PII sharing transfer and disclosure", | ||||
| 1204 | "code": "B.8.5.2", | ||||
| 1205 | "label": "Countries and international organizations to which PII can be transferred", | ||||
| 1206 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1207 | "referential_label": "ISO 27701", | ||||
| 1208 | "uuid": "cca8434a-1f0f-48ec-9358-2f3ee5a712da" | ||||
| 1209 | }, | ||||
| 1210 | { | ||||
| 1211 | "category": "Conditions for collection and processing", | ||||
| 1212 | "code": "A.7.2.1", | ||||
| 1213 | "label": "Identify and document purpose", | ||||
| 1214 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1215 | "referential_label": "ISO 27701", | ||||
| 1216 | "uuid": "cd1267a3-0a09-402c-ada9-85c9291aac26" | ||||
| 1217 | }, | ||||
| 1218 | { | ||||
| 1219 | "category": "Systems acquisition development and maintenance", | ||||
| 1220 | "code": "6.11.3.1", | ||||
| 1221 | "label": "Protection of test data", | ||||
| 1222 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1223 | "referential_label": "ISO 27701", | ||||
| 1224 | "uuid": "cdb15fe9-9808-4749-8747-c284018cccf0" | ||||
| 1225 | }, | ||||
| 1226 | { | ||||
| 1227 | "category": "Information security aspects of business continuity management", | ||||
| 1228 | "code": "6.14.1.1", | ||||
| 1229 | "label": "Planning information security continuity", | ||||
| 1230 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1231 | "referential_label": "ISO 27701", | ||||
| 1232 | "uuid": "cfec872a-4fb3-4364-91dc-475236cc2f93" | ||||
| 1233 | }, | ||||
| 1234 | { | ||||
| 1235 | "category": "Privacy by design and privacy by default", | ||||
| 1236 | "code": "B.8.4.1", | ||||
| 1237 | "label": "Temporary files", | ||||
| 1238 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1239 | "referential_label": "ISO 27701", | ||||
| 1240 | "uuid": "d16fc0f9-ab36-49b6-a4ad-4d8d0120f0a1" | ||||
| 1241 | }, | ||||
| 1242 | { | ||||
| 1243 | "category": "Operations security", | ||||
| 1244 | "code": "6.9.4.2", | ||||
| 1245 | "label": "Protection of log information", | ||||
| 1246 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1247 | "referential_label": "ISO 27701", | ||||
| 1248 | "uuid": "d21603d6-f97e-4b20-bdf6-7bf5248277cb" | ||||
| 1249 | }, | ||||
| 1250 | { | ||||
| 1251 | "category": "Conditions for collection and processing", | ||||
| 1252 | "code": "B.8.2.5", | ||||
| 1253 | "label": "Customer obligations", | ||||
| 1254 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1255 | "referential_label": "ISO 27701", | ||||
| 1256 | "uuid": "d2b79e78-5e9b-4a6d-94f7-855274b7831f" | ||||
| 1257 | }, | ||||
| 1258 | { | ||||
| 1259 | "category": "Asset Management", | ||||
| 1260 | "code": "6.5.2.2", | ||||
| 1261 | "label": "Labelling of information", | ||||
| 1262 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1263 | "referential_label": "ISO 27701", | ||||
| 1264 | "uuid": "d313624f-8213-4f20-b536-b859e8b8c429" | ||||
| 1265 | }, | ||||
| 1266 | { | ||||
| 1267 | "category": "Systems acquisition development and maintenance", | ||||
| 1268 | "code": "6.11.2.9", | ||||
| 1269 | "label": "System acceptance testing", | ||||
| 1270 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1271 | "referential_label": "ISO 27701", | ||||
| 1272 | "uuid": "d3f5b543-cd6b-4645-8395-e9d00cfdbeb6" | ||||
| 1273 | }, | ||||
| 1274 | { | ||||
| 1275 | "category": "Obligations to PII principals", | ||||
| 1276 | "code": "A.7.3.5", | ||||
| 1277 | "label": "Providing mechanism to object to PIIprocessing", | ||||
| 1278 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1279 | "referential_label": "ISO 27701", | ||||
| 1280 | "uuid": "d462468f-b212-4c90-aed2-18dc60db95ce" | ||||
| 1281 | }, | ||||
| 1282 | { | ||||
| 1283 | "category": "Conditions for collection and processing", | ||||
| 1284 | "code": "B.8.2.1", | ||||
| 1285 | "label": "Customer agreement", | ||||
| 1286 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1287 | "referential_label": "ISO 27701", | ||||
| 1288 | "uuid": "d5cde1bc-d630-4a7e-b7c0-04dbae6bff30" | ||||
| 1289 | }, | ||||
| 1290 | { | ||||
| 1291 | "category": "Communication security", | ||||
| 1292 | "code": "6.10.2.1", | ||||
| 1293 | "label": "Information transfer policies and procedures", | ||||
| 1294 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1295 | "referential_label": "ISO 27701", | ||||
| 1296 | "uuid": "d649f805-1142-4fcf-a119-ae76f392708a" | ||||
| 1297 | }, | ||||
| 1298 | { | ||||
| 1299 | "category": "PII sharing transfer and disclosure", | ||||
| 1300 | "code": "B.8.5.4", | ||||
| 1301 | "label": "Notification of PII disclosure requests", | ||||
| 1302 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1303 | "referential_label": "ISO 27701", | ||||
| 1304 | "uuid": "d9273c35-a712-46b9-9754-b96cb49d2332" | ||||
| 1305 | }, | ||||
| 1306 | { | ||||
| 1307 | "category": "Conditions for collection and processing", | ||||
| 1308 | "code": "B.8.2.6", | ||||
| 1309 | "label": "Records related to processing PII", | ||||
| 1310 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1311 | "referential_label": "ISO 27701", | ||||
| 1312 | "uuid": "d9a470ad-a071-4ace-9662-8dc18a96b361" | ||||
| 1313 | }, | ||||
| 1314 | { | ||||
| 1315 | "category": "Operations security", | ||||
| 1316 | "code": "6.9.4.4", | ||||
| 1317 | "label": "Clock synchronisation", | ||||
| 1318 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1319 | "referential_label": "ISO 27701", | ||||
| 1320 | "uuid": "d9e0e545-7b42-4899-8e56-7f9fc6fce85f" | ||||
| 1321 | }, | ||||
| 1322 | { | ||||
| 1323 | "category": "Physical and environment security", | ||||
| 1324 | "code": "6.8.2.8", | ||||
| 1325 | "label": "Unattended user equipment", | ||||
| 1326 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1327 | "referential_label": "ISO 27701", | ||||
| 1328 | "uuid": "d9e2a570-4155-4970-88d7-809179ac7f31" | ||||
| 1329 | }, | ||||
| 1330 | { | ||||
| 1331 | "category": "Privacy by design and privacy by default", | ||||
| 1332 | "code": "A.7.4.8", | ||||
| 1333 | "label": "Disposal", | ||||
| 1334 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1335 | "referential_label": "ISO 27701", | ||||
| 1336 | "uuid": "db2c9e1b-aac1-418c-911e-00eb01cdef6c" | ||||
| 1337 | }, | ||||
| 1338 | { | ||||
| 1339 | "category": "PII sharing transfer and disclosure", | ||||
| 1340 | "code": "B.8.5.7", | ||||
| 1341 | "label": "Engagement of a subcontractor to process PII", | ||||
| 1342 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1343 | "referential_label": "ISO 27701", | ||||
| 1344 | "uuid": "dccd6bfd-aff7-4b01-8004-4d7eb3348484" | ||||
| 1345 | }, | ||||
| 1346 | { | ||||
| 1347 | "category": "Physical and environment security", | ||||
| 1348 | "code": "6.8.2.1", | ||||
| 1349 | "label": "Equipment siting and protection", | ||||
| 1350 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1351 | "referential_label": "ISO 27701", | ||||
| 1352 | "uuid": "dcf6c663-23fc-450b-8d46-be3c48bc049a" | ||||
| 1353 | }, | ||||
| 1354 | { | ||||
| 1355 | "category": "Information security incident management", | ||||
| 1356 | "code": "6.13.1.5", | ||||
| 1357 | "label": "Response to information security incidents", | ||||
| 1358 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1359 | "referential_label": "ISO 27701", | ||||
| 1360 | "uuid": "dd2c4b83-0077-4f70-99b1-74127969c19b" | ||||
| 1361 | }, | ||||
| 1362 | { | ||||
| 1363 | "category": "Human resources security", | ||||
| 1364 | "code": "6.4.3.1", | ||||
| 1365 | "label": "Termination or change of employment responsibilities", | ||||
| 1366 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1367 | "referential_label": "ISO 27701", | ||||
| 1368 | "uuid": "dd48169a-e980-4e58-804b-fb283786415c" | ||||
| 1369 | }, | ||||
| 1370 | { | ||||
| 1371 | "category": "Communication security", | ||||
| 1372 | "code": "6.10.1.1", | ||||
| 1373 | "label": "Network controls", | ||||
| 1374 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1375 | "referential_label": "ISO 27701", | ||||
| 1376 | "uuid": "de3adccd-edfe-4379-9b4a-f8243baa6afc" | ||||
| 1377 | }, | ||||
| 1378 | { | ||||
| 1379 | "category": "PII sharing transfer and disclosure", | ||||
| 1380 | "code": "A.7.5.4", | ||||
| 1381 | "label": "Records of PII disclosure to third parties", | ||||
| 1382 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1383 | "referential_label": "ISO 27701", | ||||
| 1384 | "uuid": "df68917b-f26e-4511-92c1-3b77be11df0f" | ||||
| 1385 | }, | ||||
| 1386 | { | ||||
| 1387 | "category": "Privacy by design and privacy by default", | ||||
| 1388 | "code": "A.7.4.7", | ||||
| 1389 | "label": "Retention", | ||||
| 1390 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1391 | "referential_label": "ISO 27701", | ||||
| 1392 | "uuid": "e1ea896d-cf46-4a7a-a1ad-a4c3ea188866" | ||||
| 1393 | }, | ||||
| 1394 | { | ||||
| 1395 | "category": "Obligations to PII principals", | ||||
| 1396 | "code": "B.8.3.1", | ||||
| 1397 | "label": "Obligations to PII principals", | ||||
| 1398 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1399 | "referential_label": "ISO 27701", | ||||
| 1400 | "uuid": "e7247cf7-a80b-4f1d-a32b-9ddd79a84371" | ||||
| 1401 | }, | ||||
| 1402 | { | ||||
| 1403 | "category": "Physical and environment security", | ||||
| 1404 | "code": "6.8.2.3", | ||||
| 1405 | "label": "Cabling security", | ||||
| 1406 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1407 | "referential_label": "ISO 27701", | ||||
| 1408 | "uuid": "e7f6a752-9122-47cd-a52b-6c6ee7e182f5" | ||||
| 1409 | }, | ||||
| 1410 | { | ||||
| 1411 | "category": "Actions to address risks and opportunities", | ||||
| 1412 | "code": "5.4.1.3", | ||||
| 1413 | "label": "Information Security Risk Treatment", | ||||
| 1414 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1415 | "referential_label": "ISO 27701", | ||||
| 1416 | "uuid": "e9ba3458-e01f-43e0-9883-7b53a2c8b1a3" | ||||
| 1417 | }, | ||||
| 1418 | { | ||||
| 1419 | "category": "Access control", | ||||
| 1420 | "code": "6.6.2.6", | ||||
| 1421 | "label": "Removal or adjustment of access rights", | ||||
| 1422 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1423 | "referential_label": "ISO 27701", | ||||
| 1424 | "uuid": "ea2ec9a6-269a-4e38-a90c-381528893d06" | ||||
| 1425 | }, | ||||
| 1426 | { | ||||
| 1427 | "category": "Organisation of information security", | ||||
| 1428 | "code": "6.3.1.3", | ||||
| 1429 | "label": "Contact with authorities", | ||||
| 1430 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1431 | "referential_label": "ISO 27701", | ||||
| 1432 | "uuid": "ea53cbc7-bec8-472b-9468-6389ea53e786" | ||||
| 1433 | }, | ||||
| 1434 | { | ||||
| 1435 | "category": "Operation", | ||||
| 1436 | "code": "5.6.3", | ||||
| 1437 | "label": "Information security risk treatment", | ||||
| 1438 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1439 | "referential_label": "ISO 27701", | ||||
| 1440 | "uuid": "ec5da672-3770-4120-a041-b61b09b84757" | ||||
| 1441 | }, | ||||
| 1442 | { | ||||
| 1443 | "category": "Physical and environment security", | ||||
| 1444 | "code": "6.8.2.6", | ||||
| 1445 | "label": "Security of equipment and assets off-premises", | ||||
| 1446 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1447 | "referential_label": "ISO 27701", | ||||
| 1448 | "uuid": "edebd5a7-ebb3-4942-8b72-60293b1ec524" | ||||
| 1449 | }, | ||||
| 1450 | { | ||||
| 1451 | "category": "Operation", | ||||
| 1452 | "code": "5.6.1", | ||||
| 1453 | "label": "Operational planning and control", | ||||
| 1454 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1455 | "referential_label": "ISO 27701", | ||||
| 1456 | "uuid": "ee177f90-a062-4d24-aea7-a7e1098ad3e4" | ||||
| 1457 | }, | ||||
| 1458 | { | ||||
| 1459 | "category": "Physical and environment security", | ||||
| 1460 | "code": "6.8.2.2", | ||||
| 1461 | "label": "Supporting utilities", | ||||
| 1462 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1463 | "referential_label": "ISO 27701", | ||||
| 1464 | "uuid": "f08bfc02-4466-4378-ac24-73247e695667" | ||||
| 1465 | }, | ||||
| 1466 | { | ||||
| 1467 | "category": "Systems acquisition development and maintenance", | ||||
| 1468 | "code": "6.11.2.4", | ||||
| 1469 | "label": "Restrictions on changes to software packages", | ||||
| 1470 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1471 | "referential_label": "ISO 27701", | ||||
| 1472 | "uuid": "f1645c93-2336-4729-9c68-dc77341e7112" | ||||
| 1473 | }, | ||||
| 1474 | { | ||||
| 1475 | "category": "Compliance", | ||||
| 1476 | "code": "6.15.1.1", | ||||
| 1477 | "label": "Identification of applicable legislation and contractual requirements", | ||||
| 1478 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1479 | "referential_label": "ISO 27701", | ||||
| 1480 | "uuid": "f3db84e6-5546-48db-bd12-86b56490ace5" | ||||
| 1481 | }, | ||||
| 1482 | { | ||||
| 1483 | "category": "Access control", | ||||
| 1484 | "code": "6.6.1.2", | ||||
| 1485 | "label": "Access to networks and network services", | ||||
| 1486 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1487 | "referential_label": "ISO 27701", | ||||
| 1488 | "uuid": "f943a311-075b-4282-bf24-cf36b7aff54d" | ||||
| 1489 | }, | ||||
| 1490 | { | ||||
| 1491 | "category": "Physical and environment security", | ||||
| 1492 | "code": "6.8.2.5", | ||||
| 1493 | "label": "Removal of assets", | ||||
| 1494 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1495 | "referential_label": "ISO 27701", | ||||
| 1496 | "uuid": "f98a71be-5dd2-4124-82d5-1a533516c8a3" | ||||
| 1497 | }, | ||||
| 1498 | { | ||||
| 1499 | "category": "Communication security", | ||||
| 1500 | "code": "6.10.1.2", | ||||
| 1501 | "label": "Security of network services", | ||||
| 1502 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1503 | "referential_label": "ISO 27701", | ||||
| 1504 | "uuid": "fae6cccf-0765-4894-9914-5983325e39e1" | ||||
| 1505 | }, | ||||
| 1506 | { | ||||
| 1507 | "category": "Conditions for collection and processing", | ||||
| 1508 | "code": "A.7.2.7", | ||||
| 1509 | "label": "Joint PII controller", | ||||
| 1510 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1511 | "referential_label": "ISO 27701", | ||||
| 1512 | "uuid": "fcd65733-75b3-4c48-b066-783a2766fa71" | ||||
| 1513 | }, | ||||
| 1514 | { | ||||
| 1515 | "category": "Asset Management", | ||||
| 1516 | "code": "6.5.3.1", | ||||
| 1517 | "label": "Management of removable media", | ||||
| 1518 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||||
| 1519 | "referential_label": "ISO 27701", | ||||
| 1520 | "uuid": "fe333449-ff0e-46ff-845a-deace938868b" | ||||
| 1521 | } | ||||
| 1522 | ], | ||||
| 1523 | "version": 1, | ||||
| 1524 | "version_ext": "2019" | ||||
| 1525 | } |