Date: Jul 11, 2022, 11:46:47 AM
Date: Aug 3, 2022, 11:47:18 AM
Name: ISO/IEC 27701 [2019]
Name: ISO/IEC 27701 [2019]
Description: Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
Description: Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
| f | 1 | { | f | 1 | { |
| 2 | "authors": [ | 2 | "authors": [ | ||
| 3 | "Jeremy Dannenmuller" | 3 | "Jeremy Dannenmuller" | ||
| 4 | ], | 4 | ], | ||
| 5 | "label": "ISO/IEC 27701 [2019]", | 5 | "label": "ISO/IEC 27701 [2019]", | ||
| 6 | "language": "EN", | 6 | "language": "EN", | ||
| t | 7 | "refs": null, | t | 7 | "refs": "https://www.iso.org/standard/71670.html", |
| 8 | "uuid": "f65b378c-ab20-4651-825b-4da34944b519", | 8 | "uuid": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 9 | "values": [ | 9 | "values": [ | ||
| 10 | { | 10 | { | ||
| 11 | "category": "Information security aspects of business continuity management", | 11 | "category": "Information security aspects of business continuity management", | ||
| 12 | "code": "6.14.2.1", | 12 | "code": "6.14.2.1", | ||
| 13 | "label": "Availability of information processing facilities", | 13 | "label": "Availability of information processing facilities", | ||
| 14 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 14 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 15 | "referential_label": "ISO 27701", | 15 | "referential_label": "ISO 27701", | ||
| 16 | "uuid": "00cb20cc-21a0-417a-9782-ed6587f1d6f5" | 16 | "uuid": "00cb20cc-21a0-417a-9782-ed6587f1d6f5" | ||
| 17 | }, | 17 | }, | ||
| 18 | { | 18 | { | ||
| 19 | "category": "Information security policies", | 19 | "category": "Information security policies", | ||
| 20 | "code": "6.2.1.1", | 20 | "code": "6.2.1.1", | ||
| 21 | "label": "Policies for information security", | 21 | "label": "Policies for information security", | ||
| 22 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 22 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 23 | "referential_label": "ISO 27701", | 23 | "referential_label": "ISO 27701", | ||
| 24 | "uuid": "0225b44b-be7a-4cce-a4db-1d804e4d47c8" | 24 | "uuid": "0225b44b-be7a-4cce-a4db-1d804e4d47c8" | ||
| 25 | }, | 25 | }, | ||
| 26 | { | 26 | { | ||
| 27 | "category": "Improvement", | 27 | "category": "Improvement", | ||
| 28 | "code": "5.8.2", | 28 | "code": "5.8.2", | ||
| 29 | "label": "Continual improvement", | 29 | "label": "Continual improvement", | ||
| 30 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 30 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 31 | "referential_label": "ISO 27701", | 31 | "referential_label": "ISO 27701", | ||
| 32 | "uuid": "029a9fae-c6a4-4b3c-8487-2ed20996a951" | 32 | "uuid": "029a9fae-c6a4-4b3c-8487-2ed20996a951" | ||
| 33 | }, | 33 | }, | ||
| 34 | { | 34 | { | ||
| 35 | "category": "Communication security", | 35 | "category": "Communication security", | ||
| 36 | "code": "6.10.2.3", | 36 | "code": "6.10.2.3", | ||
| 37 | "label": "Electronic messaging", | 37 | "label": "Electronic messaging", | ||
| 38 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 38 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 39 | "referential_label": "ISO 27701", | 39 | "referential_label": "ISO 27701", | ||
| 40 | "uuid": "0320a79e-6c9f-45e3-90a0-c360e8f57b45" | 40 | "uuid": "0320a79e-6c9f-45e3-90a0-c360e8f57b45" | ||
| 41 | }, | 41 | }, | ||
| 42 | { | 42 | { | ||
| 43 | "category": "PII sharing transfer and disclosure", | 43 | "category": "PII sharing transfer and disclosure", | ||
| 44 | "code": "B.8.5.8", | 44 | "code": "B.8.5.8", | ||
| 45 | "label": "Change of subcontractor to process PII", | 45 | "label": "Change of subcontractor to process PII", | ||
| 46 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 46 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 47 | "referential_label": "ISO 27701", | 47 | "referential_label": "ISO 27701", | ||
| 48 | "uuid": "0637458d-cb4d-47aa-9553-d3e86757aaaa" | 48 | "uuid": "0637458d-cb4d-47aa-9553-d3e86757aaaa" | ||
| 49 | }, | 49 | }, | ||
| 50 | { | 50 | { | ||
| 51 | "category": "Physical and environment security", | 51 | "category": "Physical and environment security", | ||
| 52 | "code": "6.8.1.3", | 52 | "code": "6.8.1.3", | ||
| 53 | "label": "Securing offices rooms and facilities", | 53 | "label": "Securing offices rooms and facilities", | ||
| 54 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 54 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 55 | "referential_label": "ISO 27701", | 55 | "referential_label": "ISO 27701", | ||
| 56 | "uuid": "066dee47-1f12-4243-94bd-a89fbde7fd31" | 56 | "uuid": "066dee47-1f12-4243-94bd-a89fbde7fd31" | ||
| 57 | }, | 57 | }, | ||
| 58 | { | 58 | { | ||
| 59 | "category": "Conditions for collection and processing", | 59 | "category": "Conditions for collection and processing", | ||
| 60 | "code": "A.7.2.3", | 60 | "code": "A.7.2.3", | ||
| 61 | "label": "Determine when and how consent is to be obtained", | 61 | "label": "Determine when and how consent is to be obtained", | ||
| 62 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 62 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 63 | "referential_label": "ISO 27701", | 63 | "referential_label": "ISO 27701", | ||
| 64 | "uuid": "06c65ef3-fc74-4e9f-b923-bc4b8da06454" | 64 | "uuid": "06c65ef3-fc74-4e9f-b923-bc4b8da06454" | ||
| 65 | }, | 65 | }, | ||
| 66 | { | 66 | { | ||
| 67 | "category": "Asset Management", | 67 | "category": "Asset Management", | ||
| 68 | "code": "6.5.1.2", | 68 | "code": "6.5.1.2", | ||
| 69 | "label": "Ownership of Assets", | 69 | "label": "Ownership of Assets", | ||
| 70 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 70 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 71 | "referential_label": "ISO 27701", | 71 | "referential_label": "ISO 27701", | ||
| 72 | "uuid": "06eed3d5-8e62-42ff-a727-aee4d27a21a3" | 72 | "uuid": "06eed3d5-8e62-42ff-a727-aee4d27a21a3" | ||
| 73 | }, | 73 | }, | ||
| 74 | { | 74 | { | ||
| 75 | "category": "Access control", | 75 | "category": "Access control", | ||
| 76 | "code": "6.6.2.2", | 76 | "code": "6.6.2.2", | ||
| 77 | "label": "User access provisionning", | 77 | "label": "User access provisionning", | ||
| 78 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 78 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 79 | "referential_label": "ISO 27701", | 79 | "referential_label": "ISO 27701", | ||
| 80 | "uuid": "0769cff8-adbc-4d3a-921d-622fbce40473" | 80 | "uuid": "0769cff8-adbc-4d3a-921d-622fbce40473" | ||
| 81 | }, | 81 | }, | ||
| 82 | { | 82 | { | ||
| 83 | "category": "Organisation of information security", | 83 | "category": "Organisation of information security", | ||
| 84 | "code": "6.3.1.2", | 84 | "code": "6.3.1.2", | ||
| 85 | "label": "Segregation of duties", | 85 | "label": "Segregation of duties", | ||
| 86 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 86 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 87 | "referential_label": "ISO 27701", | 87 | "referential_label": "ISO 27701", | ||
| 88 | "uuid": "085873ce-e760-40cd-80a4-6f402785696f" | 88 | "uuid": "085873ce-e760-40cd-80a4-6f402785696f" | ||
| 89 | }, | 89 | }, | ||
| 90 | { | 90 | { | ||
| 91 | "category": "Obligations to PII principals", | 91 | "category": "Obligations to PII principals", | ||
| 92 | "code": "A.7.3.2", | 92 | "code": "A.7.3.2", | ||
| 93 | "label": "Determining information for PII principals", | 93 | "label": "Determining information for PII principals", | ||
| 94 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 94 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 95 | "referential_label": "ISO 27701", | 95 | "referential_label": "ISO 27701", | ||
| 96 | "uuid": "087dde64-823a-495c-92ec-8a282577821f" | 96 | "uuid": "087dde64-823a-495c-92ec-8a282577821f" | ||
| 97 | }, | 97 | }, | ||
| 98 | { | 98 | { | ||
| 99 | "category": "Context of the organization", | 99 | "category": "Context of the organization", | ||
| 100 | "code": "5.2.4", | 100 | "code": "5.2.4", | ||
| 101 | "label": "Information security management system", | 101 | "label": "Information security management system", | ||
| 102 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 102 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 103 | "referential_label": "ISO 27701", | 103 | "referential_label": "ISO 27701", | ||
| 104 | "uuid": "0af7c1ab-dad9-4aa2-aefb-4e5dbf4805c7" | 104 | "uuid": "0af7c1ab-dad9-4aa2-aefb-4e5dbf4805c7" | ||
| 105 | }, | 105 | }, | ||
| 106 | { | 106 | { | ||
| 107 | "category": "Access control", | 107 | "category": "Access control", | ||
| 108 | "code": "6.6.4.2", | 108 | "code": "6.6.4.2", | ||
| 109 | "label": "Secure log-on procedures", | 109 | "label": "Secure log-on procedures", | ||
| 110 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 110 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 111 | "referential_label": "ISO 27701", | 111 | "referential_label": "ISO 27701", | ||
| 112 | "uuid": "0d503be4-a66d-4f49-b960-a987f6aface6" | 112 | "uuid": "0d503be4-a66d-4f49-b960-a987f6aface6" | ||
| 113 | }, | 113 | }, | ||
| 114 | { | 114 | { | ||
| 115 | "category": "Organisation of information security", | 115 | "category": "Organisation of information security", | ||
| 116 | "code": "6.3.1.5", | 116 | "code": "6.3.1.5", | ||
| 117 | "label": "Information security in project management", | 117 | "label": "Information security in project management", | ||
| 118 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 118 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 119 | "referential_label": "ISO 27701", | 119 | "referential_label": "ISO 27701", | ||
| 120 | "uuid": "0e6f5f89-2755-4448-8183-da973df45b83" | 120 | "uuid": "0e6f5f89-2755-4448-8183-da973df45b83" | ||
| 121 | }, | 121 | }, | ||
| 122 | { | 122 | { | ||
| 123 | "category": "PII sharing transfer and disclosure", | 123 | "category": "PII sharing transfer and disclosure", | ||
| 124 | "code": "B.8.5.1", | 124 | "code": "B.8.5.1", | ||
| 125 | "label": "Basis for PII transfer between jurisdictions", | 125 | "label": "Basis for PII transfer between jurisdictions", | ||
| 126 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 126 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 127 | "referential_label": "ISO 27701", | 127 | "referential_label": "ISO 27701", | ||
| 128 | "uuid": "0f6b0b0e-403e-4695-9c32-8bdd4ad17718" | 128 | "uuid": "0f6b0b0e-403e-4695-9c32-8bdd4ad17718" | ||
| 129 | }, | 129 | }, | ||
| 130 | { | 130 | { | ||
| 131 | "category": "Asset Management", | 131 | "category": "Asset Management", | ||
| 132 | "code": "6.5.1.1", | 132 | "code": "6.5.1.1", | ||
| 133 | "label": "Inventory of Assets", | 133 | "label": "Inventory of Assets", | ||
| 134 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 134 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 135 | "referential_label": "ISO 27701", | 135 | "referential_label": "ISO 27701", | ||
| 136 | "uuid": "0fd4927b-596a-42f6-b155-052785edbfc5" | 136 | "uuid": "0fd4927b-596a-42f6-b155-052785edbfc5" | ||
| 137 | }, | 137 | }, | ||
| 138 | { | 138 | { | ||
| 139 | "category": "Operations security", | 139 | "category": "Operations security", | ||
| 140 | "code": "6.9.1.3", | 140 | "code": "6.9.1.3", | ||
| 141 | "label": "Capacity management", | 141 | "label": "Capacity management", | ||
| 142 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 142 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 143 | "referential_label": "ISO 27701", | 143 | "referential_label": "ISO 27701", | ||
| 144 | "uuid": "103a6955-e9f8-4b66-91ba-bf2cc0e0e8fe" | 144 | "uuid": "103a6955-e9f8-4b66-91ba-bf2cc0e0e8fe" | ||
| 145 | }, | 145 | }, | ||
| 146 | { | 146 | { | ||
| 147 | "category": "Compliance", | 147 | "category": "Compliance", | ||
| 148 | "code": "6.15.1.2", | 148 | "code": "6.15.1.2", | ||
| 149 | "label": "Intellectual property rights", | 149 | "label": "Intellectual property rights", | ||
| 150 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 150 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 151 | "referential_label": "ISO 27701", | 151 | "referential_label": "ISO 27701", | ||
| 152 | "uuid": "1285dd9e-108d-4ecf-bccf-8a3f4807963a" | 152 | "uuid": "1285dd9e-108d-4ecf-bccf-8a3f4807963a" | ||
| 153 | }, | 153 | }, | ||
| 154 | { | 154 | { | ||
| 155 | "category": "Privacy by design and privacy by default", | 155 | "category": "Privacy by design and privacy by default", | ||
| 156 | "code": "B.8.4.3", | 156 | "code": "B.8.4.3", | ||
| 157 | "label": "PII transmission controls", | 157 | "label": "PII transmission controls", | ||
| 158 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 158 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 159 | "referential_label": "ISO 27701", | 159 | "referential_label": "ISO 27701", | ||
| 160 | "uuid": "1416da16-528c-45f4-b1b9-6a305ae1c81f" | 160 | "uuid": "1416da16-528c-45f4-b1b9-6a305ae1c81f" | ||
| 161 | }, | 161 | }, | ||
| 162 | { | 162 | { | ||
| 163 | "category": "Systems acquisition development and maintenance", | 163 | "category": "Systems acquisition development and maintenance", | ||
| 164 | "code": "6.11.2.6", | 164 | "code": "6.11.2.6", | ||
| 165 | "label": "Secure Development Environment", | 165 | "label": "Secure Development Environment", | ||
| 166 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 166 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 167 | "referential_label": "ISO 27701", | 167 | "referential_label": "ISO 27701", | ||
| 168 | "uuid": "16b30180-3754-43da-8bdb-9528fc5e6cde" | 168 | "uuid": "16b30180-3754-43da-8bdb-9528fc5e6cde" | ||
| 169 | }, | 169 | }, | ||
| 170 | { | 170 | { | ||
| 171 | "category": "Asset Management", | 171 | "category": "Asset Management", | ||
| 172 | "code": "6.5.1.4", | 172 | "code": "6.5.1.4", | ||
| 173 | "label": "Return of Assets", | 173 | "label": "Return of Assets", | ||
| 174 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 174 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 175 | "referential_label": "ISO 27701", | 175 | "referential_label": "ISO 27701", | ||
| 176 | "uuid": "18c97f9e-20c9-48a4-b1db-b3ba08a6fd4a" | 176 | "uuid": "18c97f9e-20c9-48a4-b1db-b3ba08a6fd4a" | ||
| 177 | }, | 177 | }, | ||
| 178 | { | 178 | { | ||
| 179 | "category": "Systems acquisition development and maintenance", | 179 | "category": "Systems acquisition development and maintenance", | ||
| 180 | "code": "6.11.2.8", | 180 | "code": "6.11.2.8", | ||
| 181 | "label": "System security testing", | 181 | "label": "System security testing", | ||
| 182 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 182 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 183 | "referential_label": "ISO 27701", | 183 | "referential_label": "ISO 27701", | ||
| 184 | "uuid": "190024e1-afae-4346-b094-9f84f6d2e759" | 184 | "uuid": "190024e1-afae-4346-b094-9f84f6d2e759" | ||
| 185 | }, | 185 | }, | ||
| 186 | { | 186 | { | ||
| 187 | "category": "Human resources security", | 187 | "category": "Human resources security", | ||
| 188 | "code": "6.4.1.2", | 188 | "code": "6.4.1.2", | ||
| 189 | "label": "Terms and conditions of employment", | 189 | "label": "Terms and conditions of employment", | ||
| 190 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 190 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 191 | "referential_label": "ISO 27701", | 191 | "referential_label": "ISO 27701", | ||
| 192 | "uuid": "19e032bb-b8b3-40a1-b976-4ac29f8ef613" | 192 | "uuid": "19e032bb-b8b3-40a1-b976-4ac29f8ef613" | ||
| 193 | }, | 193 | }, | ||
| 194 | { | 194 | { | ||
| 195 | "category": "Privacy by design and privacy by default", | 195 | "category": "Privacy by design and privacy by default", | ||
| 196 | "code": "A.7.4.6", | 196 | "code": "A.7.4.6", | ||
| 197 | "label": "Temporary files", | 197 | "label": "Temporary files", | ||
| 198 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 198 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 199 | "referential_label": "ISO 27701", | 199 | "referential_label": "ISO 27701", | ||
| 200 | "uuid": "1ad68deb-f72a-4f4c-816b-fb755544777e" | 200 | "uuid": "1ad68deb-f72a-4f4c-816b-fb755544777e" | ||
| 201 | }, | 201 | }, | ||
| 202 | { | 202 | { | ||
| 203 | "category": "Compliance", | 203 | "category": "Compliance", | ||
| 204 | "code": "6.15.2.2", | 204 | "code": "6.15.2.2", | ||
| 205 | "label": "Compliance with security policies and standards", | 205 | "label": "Compliance with security policies and standards", | ||
| 206 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 206 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 207 | "referential_label": "ISO 27701", | 207 | "referential_label": "ISO 27701", | ||
| 208 | "uuid": "1bdbc783-3069-42f5-a4f7-745c0290be02" | 208 | "uuid": "1bdbc783-3069-42f5-a4f7-745c0290be02" | ||
| 209 | }, | 209 | }, | ||
| 210 | { | 210 | { | ||
| 211 | "category": "Systems acquisition development and maintenance", | 211 | "category": "Systems acquisition development and maintenance", | ||
| 212 | "code": "6.11.2.2", | 212 | "code": "6.11.2.2", | ||
| 213 | "label": "System change control procedures", | 213 | "label": "System change control procedures", | ||
| 214 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 214 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 215 | "referential_label": "ISO 27701", | 215 | "referential_label": "ISO 27701", | ||
| 216 | "uuid": "1d0c7281-35c6-403c-9c9b-40e9826e73e3" | 216 | "uuid": "1d0c7281-35c6-403c-9c9b-40e9826e73e3" | ||
| 217 | }, | 217 | }, | ||
| 218 | { | 218 | { | ||
| 219 | "category": "Compliance", | 219 | "category": "Compliance", | ||
| 220 | "code": "6.15.1.5", | 220 | "code": "6.15.1.5", | ||
| 221 | "label": "Regulation of cryptographic controls", | 221 | "label": "Regulation of cryptographic controls", | ||
| 222 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 222 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 223 | "referential_label": "ISO 27701", | 223 | "referential_label": "ISO 27701", | ||
| 224 | "uuid": "1d6c8b29-418c-4a68-89e8-55ce63bed691" | 224 | "uuid": "1d6c8b29-418c-4a68-89e8-55ce63bed691" | ||
| 225 | }, | 225 | }, | ||
| 226 | { | 226 | { | ||
| 227 | "category": "Access control", | 227 | "category": "Access control", | ||
| 228 | "code": "6.6.2.1", | 228 | "code": "6.6.2.1", | ||
| 229 | "label": "User registration and de-registration", | 229 | "label": "User registration and de-registration", | ||
| 230 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 230 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 231 | "referential_label": "ISO 27701", | 231 | "referential_label": "ISO 27701", | ||
| 232 | "uuid": "1ee8390e-ebeb-4253-ae87-49358ff8730f" | 232 | "uuid": "1ee8390e-ebeb-4253-ae87-49358ff8730f" | ||
| 233 | }, | 233 | }, | ||
| 234 | { | 234 | { | ||
| 235 | "category": "Conditions for collection and processing", | 235 | "category": "Conditions for collection and processing", | ||
| 236 | "code": "A.7.2.4", | 236 | "code": "A.7.2.4", | ||
| 237 | "label": "Obtain and record consent", | 237 | "label": "Obtain and record consent", | ||
| 238 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 238 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 239 | "referential_label": "ISO 27701", | 239 | "referential_label": "ISO 27701", | ||
| 240 | "uuid": "1f597457-a336-4e09-b660-2a680154b8b0" | 240 | "uuid": "1f597457-a336-4e09-b660-2a680154b8b0" | ||
| 241 | }, | 241 | }, | ||
| 242 | { | 242 | { | ||
| 243 | "category": "Support", | 243 | "category": "Support", | ||
| 244 | "code": "5.5.1", | 244 | "code": "5.5.1", | ||
| 245 | "label": "Resources", | 245 | "label": "Resources", | ||
| 246 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 246 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 247 | "referential_label": "ISO 27701", | 247 | "referential_label": "ISO 27701", | ||
| 248 | "uuid": "1fc549c9-c0dd-407a-9648-c3fe0869bc67" | 248 | "uuid": "1fc549c9-c0dd-407a-9648-c3fe0869bc67" | ||
| 249 | }, | 249 | }, | ||
| 250 | { | 250 | { | ||
| 251 | "category": "Access control", | 251 | "category": "Access control", | ||
| 252 | "code": "6.6.4.5", | 252 | "code": "6.6.4.5", | ||
| 253 | "label": "Access control to program source code", | 253 | "label": "Access control to program source code", | ||
| 254 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 254 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 255 | "referential_label": "ISO 27701", | 255 | "referential_label": "ISO 27701", | ||
| 256 | "uuid": "203fb144-2604-4162-b5c9-f40d22ba2fee" | 256 | "uuid": "203fb144-2604-4162-b5c9-f40d22ba2fee" | ||
| 257 | }, | 257 | }, | ||
| 258 | { | 258 | { | ||
| 259 | "category": "Information security incident management", | 259 | "category": "Information security incident management", | ||
| 260 | "code": "6.13.1.7", | 260 | "code": "6.13.1.7", | ||
| 261 | "label": "Collection of evidence", | 261 | "label": "Collection of evidence", | ||
| 262 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 262 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 263 | "referential_label": "ISO 27701", | 263 | "referential_label": "ISO 27701", | ||
| 264 | "uuid": "238e2cbd-9c07-4f08-b2f5-1f43df4a4c11" | 264 | "uuid": "238e2cbd-9c07-4f08-b2f5-1f43df4a4c11" | ||
| 265 | }, | 265 | }, | ||
| 266 | { | 266 | { | ||
| 267 | "category": "Improvement", | 267 | "category": "Improvement", | ||
| 268 | "code": "5.8.1", | 268 | "code": "5.8.1", | ||
| 269 | "label": "Nonconformity and corrective action", | 269 | "label": "Nonconformity and corrective action", | ||
| 270 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 270 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 271 | "referential_label": "ISO 27701", | 271 | "referential_label": "ISO 27701", | ||
| 272 | "uuid": "256ae75a-a97f-46c8-b022-e4525a52c177" | 272 | "uuid": "256ae75a-a97f-46c8-b022-e4525a52c177" | ||
| 273 | }, | 273 | }, | ||
| 274 | { | 274 | { | ||
| 275 | "category": "Access control", | 275 | "category": "Access control", | ||
| 276 | "code": "6.6.2.4", | 276 | "code": "6.6.2.4", | ||
| 277 | "label": "Management of secret authentication information of users", | 277 | "label": "Management of secret authentication information of users", | ||
| 278 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 278 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 279 | "referential_label": "ISO 27701", | 279 | "referential_label": "ISO 27701", | ||
| 280 | "uuid": "27b2e55d-2709-4a74-b75f-89ffa80b0096" | 280 | "uuid": "27b2e55d-2709-4a74-b75f-89ffa80b0096" | ||
| 281 | }, | 281 | }, | ||
| 282 | { | 282 | { | ||
| 283 | "category": "Actions to address risks and opportunities", | 283 | "category": "Actions to address risks and opportunities", | ||
| 284 | "code": "5.4.1.2", | 284 | "code": "5.4.1.2", | ||
| 285 | "label": "Information Security Risk Assessment", | 285 | "label": "Information Security Risk Assessment", | ||
| 286 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 286 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 287 | "referential_label": "ISO 27701", | 287 | "referential_label": "ISO 27701", | ||
| 288 | "uuid": "28849802-7b7e-46dd-b720-b2bc4db6a67b" | 288 | "uuid": "28849802-7b7e-46dd-b720-b2bc4db6a67b" | ||
| 289 | }, | 289 | }, | ||
| 290 | { | 290 | { | ||
| 291 | "category": "Organisation of information security", | 291 | "category": "Organisation of information security", | ||
| 292 | "code": "6.3.1.4", | 292 | "code": "6.3.1.4", | ||
| 293 | "label": "Contact with special interest groups", | 293 | "label": "Contact with special interest groups", | ||
| 294 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 294 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 295 | "referential_label": "ISO 27701", | 295 | "referential_label": "ISO 27701", | ||
| 296 | "uuid": "2a8bce28-154e-4d0d-b829-fee0cd93f861" | 296 | "uuid": "2a8bce28-154e-4d0d-b829-fee0cd93f861" | ||
| 297 | }, | 297 | }, | ||
| 298 | { | 298 | { | ||
| 299 | "category": "Information security aspects of business continuity management", | 299 | "category": "Information security aspects of business continuity management", | ||
| 300 | "code": "6.14.1.3", | 300 | "code": "6.14.1.3", | ||
| 301 | "label": "Verify review and evaluate information security continuity", | 301 | "label": "Verify review and evaluate information security continuity", | ||
| 302 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 302 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 303 | "referential_label": "ISO 27701", | 303 | "referential_label": "ISO 27701", | ||
| 304 | "uuid": "2a93cf52-ffa5-4da5-85b2-ad39d456cb0d" | 304 | "uuid": "2a93cf52-ffa5-4da5-85b2-ad39d456cb0d" | ||
| 305 | }, | 305 | }, | ||
| 306 | { | 306 | { | ||
| 307 | "category": "Information security policies", | 307 | "category": "Information security policies", | ||
| 308 | "code": "6.2.1.2", | 308 | "code": "6.2.1.2", | ||
| 309 | "label": "Review of the policies for information security", | 309 | "label": "Review of the policies for information security", | ||
| 310 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 310 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 311 | "referential_label": "ISO 27701", | 311 | "referential_label": "ISO 27701", | ||
| 312 | "uuid": "2abce681-3b58-4c4f-ae56-03eba536e201" | 312 | "uuid": "2abce681-3b58-4c4f-ae56-03eba536e201" | ||
| 313 | }, | 313 | }, | ||
| 314 | { | 314 | { | ||
| 315 | "category": "Physical and environment security", | 315 | "category": "Physical and environment security", | ||
| 316 | "code": "6.8.1.4", | 316 | "code": "6.8.1.4", | ||
| 317 | "label": "Protecting against external and environmental threats", | 317 | "label": "Protecting against external and environmental threats", | ||
| 318 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 318 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 319 | "referential_label": "ISO 27701", | 319 | "referential_label": "ISO 27701", | ||
| 320 | "uuid": "2c979e09-e057-4cb5-b6b7-800842783110" | 320 | "uuid": "2c979e09-e057-4cb5-b6b7-800842783110" | ||
| 321 | }, | 321 | }, | ||
| 322 | { | 322 | { | ||
| 323 | "category": "Compliance", | 323 | "category": "Compliance", | ||
| 324 | "code": "6.15.2.1", | 324 | "code": "6.15.2.1", | ||
| 325 | "label": "Independent review of information security", | 325 | "label": "Independent review of information security", | ||
| 326 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 326 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 327 | "referential_label": "ISO 27701", | 327 | "referential_label": "ISO 27701", | ||
| 328 | "uuid": "2f712e97-a7bc-40cb-9552-216fd30ef148" | 328 | "uuid": "2f712e97-a7bc-40cb-9552-216fd30ef148" | ||
| 329 | }, | 329 | }, | ||
| 330 | { | 330 | { | ||
| 331 | "category": "Privacy by design and privacy by default", | 331 | "category": "Privacy by design and privacy by default", | ||
| 332 | "code": "B.8.4.2", | 332 | "code": "B.8.4.2", | ||
| 333 | "label": "Return transfer or disposal of PII", | 333 | "label": "Return transfer or disposal of PII", | ||
| 334 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 334 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 335 | "referential_label": "ISO 27701", | 335 | "referential_label": "ISO 27701", | ||
| 336 | "uuid": "30525d18-fe33-4813-9519-7816bce5723f" | 336 | "uuid": "30525d18-fe33-4813-9519-7816bce5723f" | ||
| 337 | }, | 337 | }, | ||
| 338 | { | 338 | { | ||
| 339 | "category": "Information security incident management", | 339 | "category": "Information security incident management", | ||
| 340 | "code": "6.13.1.1", | 340 | "code": "6.13.1.1", | ||
| 341 | "label": "Responsibilities and procedures", | 341 | "label": "Responsibilities and procedures", | ||
| 342 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 342 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 343 | "referential_label": "ISO 27701", | 343 | "referential_label": "ISO 27701", | ||
| 344 | "uuid": "30817081-369d-410d-8db7-25f43a1abd43" | 344 | "uuid": "30817081-369d-410d-8db7-25f43a1abd43" | ||
| 345 | }, | 345 | }, | ||
| 346 | { | 346 | { | ||
| 347 | "category": "Systems acquisition development and maintenance", | 347 | "category": "Systems acquisition development and maintenance", | ||
| 348 | "code": "6.11.1.2", | 348 | "code": "6.11.1.2", | ||
| 349 | "label": "Securing application services on public networks", | 349 | "label": "Securing application services on public networks", | ||
| 350 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 350 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 351 | "referential_label": "ISO 27701", | 351 | "referential_label": "ISO 27701", | ||
| 352 | "uuid": "35ef0801-fa39-478f-94a4-cffaf3f2107c" | 352 | "uuid": "35ef0801-fa39-478f-94a4-cffaf3f2107c" | ||
| 353 | }, | 353 | }, | ||
| 354 | { | 354 | { | ||
| 355 | "category": "Context of the organization", | 355 | "category": "Context of the organization", | ||
| 356 | "code": "5.2.3", | 356 | "code": "5.2.3", | ||
| 357 | "label": "Determining the scope of the information security management system", | 357 | "label": "Determining the scope of the information security management system", | ||
| 358 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 358 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 359 | "referential_label": "ISO 27701", | 359 | "referential_label": "ISO 27701", | ||
| 360 | "uuid": "36ebd0b0-ab2d-4a7e-b98a-aa048fb6c84e" | 360 | "uuid": "36ebd0b0-ab2d-4a7e-b98a-aa048fb6c84e" | ||
| 361 | }, | 361 | }, | ||
| 362 | { | 362 | { | ||
| 363 | "category": "Communication security", | 363 | "category": "Communication security", | ||
| 364 | "code": "6.10.1.3", | 364 | "code": "6.10.1.3", | ||
| 365 | "label": "Segregation in networks", | 365 | "label": "Segregation in networks", | ||
| 366 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 366 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 367 | "referential_label": "ISO 27701", | 367 | "referential_label": "ISO 27701", | ||
| 368 | "uuid": "37d74fdf-8f6d-4197-a298-a30c646a5f53" | 368 | "uuid": "37d74fdf-8f6d-4197-a298-a30c646a5f53" | ||
| 369 | }, | 369 | }, | ||
| 370 | { | 370 | { | ||
| 371 | "category": "Operations security", | 371 | "category": "Operations security", | ||
| 372 | "code": "6.9.1.2", | 372 | "code": "6.9.1.2", | ||
| 373 | "label": "Change management", | 373 | "label": "Change management", | ||
| 374 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 374 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 375 | "referential_label": "ISO 27701", | 375 | "referential_label": "ISO 27701", | ||
| 376 | "uuid": "389d1443-d248-4f66-b980-bbdcb50e6c15" | 376 | "uuid": "389d1443-d248-4f66-b980-bbdcb50e6c15" | ||
| 377 | }, | 377 | }, | ||
| 378 | { | 378 | { | ||
| 379 | "category": "Human resources security", | 379 | "category": "Human resources security", | ||
| 380 | "code": "6.4.2.2", | 380 | "code": "6.4.2.2", | ||
| 381 | "label": "Information security awareness education and training", | 381 | "label": "Information security awareness education and training", | ||
| 382 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 382 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 383 | "referential_label": "ISO 27701", | 383 | "referential_label": "ISO 27701", | ||
| 384 | "uuid": "3a003a78-d047-4ac0-941c-7ad67491d421" | 384 | "uuid": "3a003a78-d047-4ac0-941c-7ad67491d421" | ||
| 385 | }, | 385 | }, | ||
| 386 | { | 386 | { | ||
| 387 | "category": "Conditions for collection and processing", | 387 | "category": "Conditions for collection and processing", | ||
| 388 | "code": "A.7.2.6", | 388 | "code": "A.7.2.6", | ||
| 389 | "label": "Contracts with PII processors", | 389 | "label": "Contracts with PII processors", | ||
| 390 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 390 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 391 | "referential_label": "ISO 27701", | 391 | "referential_label": "ISO 27701", | ||
| 392 | "uuid": "3bbc82c8-7c23-4e11-9c3d-c8a8c19dd08c" | 392 | "uuid": "3bbc82c8-7c23-4e11-9c3d-c8a8c19dd08c" | ||
| 393 | }, | 393 | }, | ||
| 394 | { | 394 | { | ||
| 395 | "category": "Privacy by design and privacy by default", | 395 | "category": "Privacy by design and privacy by default", | ||
| 396 | "code": "A.7.4.2", | 396 | "code": "A.7.4.2", | ||
| 397 | "label": "Limit processing", | 397 | "label": "Limit processing", | ||
| 398 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 398 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 399 | "referential_label": "ISO 27701", | 399 | "referential_label": "ISO 27701", | ||
| 400 | "uuid": "3dafed59-ef7c-43fc-814c-a17c832b319f" | 400 | "uuid": "3dafed59-ef7c-43fc-814c-a17c832b319f" | ||
| 401 | }, | 401 | }, | ||
| 402 | { | 402 | { | ||
| 403 | "category": "Physical and environment security", | 403 | "category": "Physical and environment security", | ||
| 404 | "code": "6.8.1.2", | 404 | "code": "6.8.1.2", | ||
| 405 | "label": "Physical entry controls", | 405 | "label": "Physical entry controls", | ||
| 406 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 406 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 407 | "referential_label": "ISO 27701", | 407 | "referential_label": "ISO 27701", | ||
| 408 | "uuid": "3f68a76b-6c1d-4fcb-952e-c2e9de3d9363" | 408 | "uuid": "3f68a76b-6c1d-4fcb-952e-c2e9de3d9363" | ||
| 409 | }, | 409 | }, | ||
| 410 | { | 410 | { | ||
| 411 | "category": "Support", | 411 | "category": "Support", | ||
| 412 | "code": "5.5.2", | 412 | "code": "5.5.2", | ||
| 413 | "label": "Competence", | 413 | "label": "Competence", | ||
| 414 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 414 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 415 | "referential_label": "ISO 27701", | 415 | "referential_label": "ISO 27701", | ||
| 416 | "uuid": "3fa8deba-8222-473b-b966-dff98dd64a3e" | 416 | "uuid": "3fa8deba-8222-473b-b966-dff98dd64a3e" | ||
| 417 | }, | 417 | }, | ||
| 418 | { | 418 | { | ||
| 419 | "category": "Human resources security", | 419 | "category": "Human resources security", | ||
| 420 | "code": "6.4.1.1", | 420 | "code": "6.4.1.1", | ||
| 421 | "label": "Screening", | 421 | "label": "Screening", | ||
| 422 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 422 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 423 | "referential_label": "ISO 27701", | 423 | "referential_label": "ISO 27701", | ||
| 424 | "uuid": "40d912e5-c0d5-44c6-90eb-bdd3a9f7d5c4" | 424 | "uuid": "40d912e5-c0d5-44c6-90eb-bdd3a9f7d5c4" | ||
| 425 | }, | 425 | }, | ||
| 426 | { | 426 | { | ||
| 427 | "category": "Obligations to PII principals", | 427 | "category": "Obligations to PII principals", | ||
| 428 | "code": "A.7.3.8", | 428 | "code": "A.7.3.8", | ||
| 429 | "label": "Providing copy of PII processed", | 429 | "label": "Providing copy of PII processed", | ||
| 430 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 430 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 431 | "referential_label": "ISO 27701", | 431 | "referential_label": "ISO 27701", | ||
| 432 | "uuid": "442e6409-082e-4613-b000-49d141240fc5" | 432 | "uuid": "442e6409-082e-4613-b000-49d141240fc5" | ||
| 433 | }, | 433 | }, | ||
| 434 | { | 434 | { | ||
| 435 | "category": "Systems acquisition development and maintenance", | 435 | "category": "Systems acquisition development and maintenance", | ||
| 436 | "code": "6.11.2.3", | 436 | "code": "6.11.2.3", | ||
| 437 | "label": "Technical review of applications after operating platform changes", | 437 | "label": "Technical review of applications after operating platform changes", | ||
| 438 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 438 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 439 | "referential_label": "ISO 27701", | 439 | "referential_label": "ISO 27701", | ||
| 440 | "uuid": "4607f451-23b6-40ed-89f2-71cb91a4d282" | 440 | "uuid": "4607f451-23b6-40ed-89f2-71cb91a4d282" | ||
| 441 | }, | 441 | }, | ||
| 442 | { | 442 | { | ||
| 443 | "category": "Support", | 443 | "category": "Support", | ||
| 444 | "code": "5.5.5.2", | 444 | "code": "5.5.5.2", | ||
| 445 | "label": "Creating and updating", | 445 | "label": "Creating and updating", | ||
| 446 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 446 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 447 | "referential_label": "ISO 27701", | 447 | "referential_label": "ISO 27701", | ||
| 448 | "uuid": "4630e54e-2bfb-462e-b88d-4392efe7f276" | 448 | "uuid": "4630e54e-2bfb-462e-b88d-4392efe7f276" | ||
| 449 | }, | 449 | }, | ||
| 450 | { | 450 | { | ||
| 451 | "category": "Support", | 451 | "category": "Support", | ||
| 452 | "code": "5.5.3", | 452 | "code": "5.5.3", | ||
| 453 | "label": "Awareness", | 453 | "label": "Awareness", | ||
| 454 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 454 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 455 | "referential_label": "ISO 27701", | 455 | "referential_label": "ISO 27701", | ||
| 456 | "uuid": "466033e1-6c60-4db2-bf61-ebcae6645a0b" | 456 | "uuid": "466033e1-6c60-4db2-bf61-ebcae6645a0b" | ||
| 457 | }, | 457 | }, | ||
| 458 | { | 458 | { | ||
| 459 | "category": "Operation", | 459 | "category": "Operation", | ||
| 460 | "code": "5.6.2", | 460 | "code": "5.6.2", | ||
| 461 | "label": "Information security risk assessment", | 461 | "label": "Information security risk assessment", | ||
| 462 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 462 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 463 | "referential_label": "ISO 27701", | 463 | "referential_label": "ISO 27701", | ||
| 464 | "uuid": "4c9f0ab8-778b-4c94-aea9-68921b5ad148" | 464 | "uuid": "4c9f0ab8-778b-4c94-aea9-68921b5ad148" | ||
| 465 | }, | 465 | }, | ||
| 466 | { | 466 | { | ||
| 467 | "category": "Communication security", | 467 | "category": "Communication security", | ||
| 468 | "code": "6.10.2.2", | 468 | "code": "6.10.2.2", | ||
| 469 | "label": "Agreements on information transfer", | 469 | "label": "Agreements on information transfer", | ||
| 470 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 470 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 471 | "referential_label": "ISO 27701", | 471 | "referential_label": "ISO 27701", | ||
| 472 | "uuid": "4cfd17b6-5841-4fa7-8d3b-227af4d3b652" | 472 | "uuid": "4cfd17b6-5841-4fa7-8d3b-227af4d3b652" | ||
| 473 | }, | 473 | }, | ||
| 474 | { | 474 | { | ||
| 475 | "category": "Context of the organization", | 475 | "category": "Context of the organization", | ||
| 476 | "code": "5.2.1", | 476 | "code": "5.2.1", | ||
| 477 | "label": "Understanding the organization and its context", | 477 | "label": "Understanding the organization and its context", | ||
| 478 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 478 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 479 | "referential_label": "ISO 27701", | 479 | "referential_label": "ISO 27701", | ||
| 480 | "uuid": "514811fc-ca1a-49be-89cc-57f0042a77aa" | 480 | "uuid": "514811fc-ca1a-49be-89cc-57f0042a77aa" | ||
| 481 | }, | 481 | }, | ||
| 482 | { | 482 | { | ||
| 483 | "category": "Cryptography", | 483 | "category": "Cryptography", | ||
| 484 | "code": "6.7.1.1", | 484 | "code": "6.7.1.1", | ||
| 485 | "label": "Policy on the use of cryptographic controls", | 485 | "label": "Policy on the use of cryptographic controls", | ||
| 486 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 486 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 487 | "referential_label": "ISO 27701", | 487 | "referential_label": "ISO 27701", | ||
| 488 | "uuid": "53e91bf7-76ed-4cb8-b308-21f1dbd52aa3" | 488 | "uuid": "53e91bf7-76ed-4cb8-b308-21f1dbd52aa3" | ||
| 489 | }, | 489 | }, | ||
| 490 | { | 490 | { | ||
| 491 | "category": "Information security incident management", | 491 | "category": "Information security incident management", | ||
| 492 | "code": "6.13.1.2", | 492 | "code": "6.13.1.2", | ||
| 493 | "label": "Reporting information security events", | 493 | "label": "Reporting information security events", | ||
| 494 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 494 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 495 | "referential_label": "ISO 27701", | 495 | "referential_label": "ISO 27701", | ||
| 496 | "uuid": "54d38b77-2e5c-4c4e-b47b-b936518e8094" | 496 | "uuid": "54d38b77-2e5c-4c4e-b47b-b936518e8094" | ||
| 497 | }, | 497 | }, | ||
| 498 | { | 498 | { | ||
| 499 | "category": "Access control", | 499 | "category": "Access control", | ||
| 500 | "code": "6.6.3.1", | 500 | "code": "6.6.3.1", | ||
| 501 | "label": "Use of secret authentication information", | 501 | "label": "Use of secret authentication information", | ||
| 502 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 502 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 503 | "referential_label": "ISO 27701", | 503 | "referential_label": "ISO 27701", | ||
| 504 | "uuid": "55f0123d-1c82-4352-8700-03a66e9d72fc" | 504 | "uuid": "55f0123d-1c82-4352-8700-03a66e9d72fc" | ||
| 505 | }, | 505 | }, | ||
| 506 | { | 506 | { | ||
| 507 | "category": "Privacy by design and privacy by default", | 507 | "category": "Privacy by design and privacy by default", | ||
| 508 | "code": "A.7.4.5", | 508 | "code": "A.7.4.5", | ||
| 509 | "label": "PII de-identification and deletion at the end of processing", | 509 | "label": "PII de-identification and deletion at the end of processing", | ||
| 510 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 510 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 511 | "referential_label": "ISO 27701", | 511 | "referential_label": "ISO 27701", | ||
| 512 | "uuid": "56844655-7f50-46ec-bfc1-6d40fa74b31b" | 512 | "uuid": "56844655-7f50-46ec-bfc1-6d40fa74b31b" | ||
| 513 | }, | 513 | }, | ||
| 514 | { | 514 | { | ||
| 515 | "category": "PII sharing transfer and disclosure", | 515 | "category": "PII sharing transfer and disclosure", | ||
| 516 | "code": "B.8.5.5", | 516 | "code": "B.8.5.5", | ||
| 517 | "label": "Legally binding PII disclosures", | 517 | "label": "Legally binding PII disclosures", | ||
| 518 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 518 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 519 | "referential_label": "ISO 27701", | 519 | "referential_label": "ISO 27701", | ||
| 520 | "uuid": "56dc629e-506a-4502-b42d-a49e72ed7ec9" | 520 | "uuid": "56dc629e-506a-4502-b42d-a49e72ed7ec9" | ||
| 521 | }, | 521 | }, | ||
| 522 | { | 522 | { | ||
| 523 | "category": "Physical and environment security", | 523 | "category": "Physical and environment security", | ||
| 524 | "code": "6.8.1.5", | 524 | "code": "6.8.1.5", | ||
| 525 | "label": "Working in secure areas", | 525 | "label": "Working in secure areas", | ||
| 526 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 526 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 527 | "referential_label": "ISO 27701", | 527 | "referential_label": "ISO 27701", | ||
| 528 | "uuid": "58c52280-09b2-4c91-ab59-eb995f5688fd" | 528 | "uuid": "58c52280-09b2-4c91-ab59-eb995f5688fd" | ||
| 529 | }, | 529 | }, | ||
| 530 | { | 530 | { | ||
| 531 | "category": "Access control", | 531 | "category": "Access control", | ||
| 532 | "code": "6.6.1.1", | 532 | "code": "6.6.1.1", | ||
| 533 | "label": "Access control policy", | 533 | "label": "Access control policy", | ||
| 534 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 534 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 535 | "referential_label": "ISO 27701", | 535 | "referential_label": "ISO 27701", | ||
| 536 | "uuid": "5cdeff98-2016-4d39-858e-3fc915185b52" | 536 | "uuid": "5cdeff98-2016-4d39-858e-3fc915185b52" | ||
| 537 | }, | 537 | }, | ||
| 538 | { | 538 | { | ||
| 539 | "category": "Organisation of information security", | 539 | "category": "Organisation of information security", | ||
| 540 | "code": "6.3.1.1", | 540 | "code": "6.3.1.1", | ||
| 541 | "label": "Information security roles and responsibilities", | 541 | "label": "Information security roles and responsibilities", | ||
| 542 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 542 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 543 | "referential_label": "ISO 27701", | 543 | "referential_label": "ISO 27701", | ||
| 544 | "uuid": "64cdbec6-e81c-4baf-92bf-1ce53cf3d8b2" | 544 | "uuid": "64cdbec6-e81c-4baf-92bf-1ce53cf3d8b2" | ||
| 545 | }, | 545 | }, | ||
| 546 | { | 546 | { | ||
| 547 | "category": "Support", | 547 | "category": "Support", | ||
| 548 | "code": "5.5.5.1", | 548 | "code": "5.5.5.1", | ||
| 549 | "label": "General", | 549 | "label": "General", | ||
| 550 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 550 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 551 | "referential_label": "ISO 27701", | 551 | "referential_label": "ISO 27701", | ||
| 552 | "uuid": "65f112a9-3b20-4f18-950b-085d0be3f114" | 552 | "uuid": "65f112a9-3b20-4f18-950b-085d0be3f114" | ||
| 553 | }, | 553 | }, | ||
| 554 | { | 554 | { | ||
| 555 | "category": "Operations security", | 555 | "category": "Operations security", | ||
| 556 | "code": "6.9.6.2", | 556 | "code": "6.9.6.2", | ||
| 557 | "label": "Restrictions on software installation", | 557 | "label": "Restrictions on software installation", | ||
| 558 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 558 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 559 | "referential_label": "ISO 27701", | 559 | "referential_label": "ISO 27701", | ||
| 560 | "uuid": "66d4273e-98cd-4d08-9acb-08ba787db13a" | 560 | "uuid": "66d4273e-98cd-4d08-9acb-08ba787db13a" | ||
| 561 | }, | 561 | }, | ||
| 562 | { | 562 | { | ||
| 563 | "category": "Support", | 563 | "category": "Support", | ||
| 564 | "code": "5.5.5.3", | 564 | "code": "5.5.5.3", | ||
| 565 | "label": "Control of documented information", | 565 | "label": "Control of documented information", | ||
| 566 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 566 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 567 | "referential_label": "ISO 27701", | 567 | "referential_label": "ISO 27701", | ||
| 568 | "uuid": "6780dda7-2c33-496b-81e3-9d868f47b61d" | 568 | "uuid": "6780dda7-2c33-496b-81e3-9d868f47b61d" | ||
| 569 | }, | 569 | }, | ||
| 570 | { | 570 | { | ||
| 571 | "category": "Physical and environment security", | 571 | "category": "Physical and environment security", | ||
| 572 | "code": "6.8.2.9", | 572 | "code": "6.8.2.9", | ||
| 573 | "label": "Clear desk and clear screen policy", | 573 | "label": "Clear desk and clear screen policy", | ||
| 574 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 574 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 575 | "referential_label": "ISO 27701", | 575 | "referential_label": "ISO 27701", | ||
| 576 | "uuid": "67d95c58-fdf0-439d-8ce6-277238136141" | 576 | "uuid": "67d95c58-fdf0-439d-8ce6-277238136141" | ||
| 577 | }, | 577 | }, | ||
| 578 | { | 578 | { | ||
| 579 | "category": "Operations security", | 579 | "category": "Operations security", | ||
| 580 | "code": "6.9.5.1", | 580 | "code": "6.9.5.1", | ||
| 581 | "label": "Installation of software on operational systems", | 581 | "label": "Installation of software on operational systems", | ||
| 582 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 582 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 583 | "referential_label": "ISO 27701", | 583 | "referential_label": "ISO 27701", | ||
| 584 | "uuid": "6a78d184-cc44-461e-af3d-3ebc8380b78f" | 584 | "uuid": "6a78d184-cc44-461e-af3d-3ebc8380b78f" | ||
| 585 | }, | 585 | }, | ||
| 586 | { | 586 | { | ||
| 587 | "category": "Systems acquisition development and maintenance", | 587 | "category": "Systems acquisition development and maintenance", | ||
| 588 | "code": "6.11.2.7", | 588 | "code": "6.11.2.7", | ||
| 589 | "label": "Outsourced development", | 589 | "label": "Outsourced development", | ||
| 590 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 590 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 591 | "referential_label": "ISO 27701", | 591 | "referential_label": "ISO 27701", | ||
| 592 | "uuid": "6ac5a193-c021-4df4-abd1-bb0aed4af36a" | 592 | "uuid": "6ac5a193-c021-4df4-abd1-bb0aed4af36a" | ||
| 593 | }, | 593 | }, | ||
| 594 | { | 594 | { | ||
| 595 | "category": "Information security incident management", | 595 | "category": "Information security incident management", | ||
| 596 | "code": "6.13.1.4", | 596 | "code": "6.13.1.4", | ||
| 597 | "label": "Assessment of and decision on information security events", | 597 | "label": "Assessment of and decision on information security events", | ||
| 598 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 598 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 599 | "referential_label": "ISO 27701", | 599 | "referential_label": "ISO 27701", | ||
| 600 | "uuid": "6c50d8a4-6793-479b-84af-f3cf94fe4102" | 600 | "uuid": "6c50d8a4-6793-479b-84af-f3cf94fe4102" | ||
| 601 | }, | 601 | }, | ||
| 602 | { | 602 | { | ||
| 603 | "category": "Information security incident management", | 603 | "category": "Information security incident management", | ||
| 604 | "code": "6.13.1.3", | 604 | "code": "6.13.1.3", | ||
| 605 | "label": "Reporting information security weaknesses", | 605 | "label": "Reporting information security weaknesses", | ||
| 606 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 606 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 607 | "referential_label": "ISO 27701", | 607 | "referential_label": "ISO 27701", | ||
| 608 | "uuid": "6dd7fb16-a5f8-4722-9197-bf198327ed8b" | 608 | "uuid": "6dd7fb16-a5f8-4722-9197-bf198327ed8b" | ||
| 609 | }, | 609 | }, | ||
| 610 | { | 610 | { | ||
| 611 | "category": "Human resources security", | 611 | "category": "Human resources security", | ||
| 612 | "code": "6.4.2.1", | 612 | "code": "6.4.2.1", | ||
| 613 | "label": "Management responsibilities", | 613 | "label": "Management responsibilities", | ||
| 614 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 614 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 615 | "referential_label": "ISO 27701", | 615 | "referential_label": "ISO 27701", | ||
| 616 | "uuid": "6ddcd365-eeca-473d-b9ad-03726ae858d8" | 616 | "uuid": "6ddcd365-eeca-473d-b9ad-03726ae858d8" | ||
| 617 | }, | 617 | }, | ||
| 618 | { | 618 | { | ||
| 619 | "category": "Privacy by design and privacy by default", | 619 | "category": "Privacy by design and privacy by default", | ||
| 620 | "code": "A.7.4.3", | 620 | "code": "A.7.4.3", | ||
| 621 | "label": "Accuracy and quality", | 621 | "label": "Accuracy and quality", | ||
| 622 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 622 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 623 | "referential_label": "ISO 27701", | 623 | "referential_label": "ISO 27701", | ||
| 624 | "uuid": "6ee51d2e-83fe-4198-8118-dc7db98515b1" | 624 | "uuid": "6ee51d2e-83fe-4198-8118-dc7db98515b1" | ||
| 625 | }, | 625 | }, | ||
| 626 | { | 626 | { | ||
| 627 | "category": "Operations security", | 627 | "category": "Operations security", | ||
| 628 | "code": "6.9.1.1", | 628 | "code": "6.9.1.1", | ||
| 629 | "label": "Documented operating procedures", | 629 | "label": "Documented operating procedures", | ||
| 630 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 630 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 631 | "referential_label": "ISO 27701", | 631 | "referential_label": "ISO 27701", | ||
| 632 | "uuid": "70a53056-137e-429a-9483-0a2e92a24fac" | 632 | "uuid": "70a53056-137e-429a-9483-0a2e92a24fac" | ||
| 633 | }, | 633 | }, | ||
| 634 | { | 634 | { | ||
| 635 | "category": "Asset Management", | 635 | "category": "Asset Management", | ||
| 636 | "code": "6.5.3.3", | 636 | "code": "6.5.3.3", | ||
| 637 | "label": "Physical media transfer", | 637 | "label": "Physical media transfer", | ||
| 638 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 638 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 639 | "referential_label": "ISO 27701", | 639 | "referential_label": "ISO 27701", | ||
| 640 | "uuid": "71761dbc-aea1-4d01-b09d-abe2e67c4f1a" | 640 | "uuid": "71761dbc-aea1-4d01-b09d-abe2e67c4f1a" | ||
| 641 | }, | 641 | }, | ||
| 642 | { | 642 | { | ||
| 643 | "category": "Access control", | 643 | "category": "Access control", | ||
| 644 | "code": "6.6.4.4", | 644 | "code": "6.6.4.4", | ||
| 645 | "label": "Use of privileged utility programs", | 645 | "label": "Use of privileged utility programs", | ||
| 646 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 646 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 647 | "referential_label": "ISO 27701", | 647 | "referential_label": "ISO 27701", | ||
| 648 | "uuid": "719158a7-c965-46e2-bed9-d273925a3fdd" | 648 | "uuid": "719158a7-c965-46e2-bed9-d273925a3fdd" | ||
| 649 | }, | 649 | }, | ||
| 650 | { | 650 | { | ||
| 651 | "category": "Operations security", | 651 | "category": "Operations security", | ||
| 652 | "code": "6.9.4.3", | 652 | "code": "6.9.4.3", | ||
| 653 | "label": "Administrator and operator logs", | 653 | "label": "Administrator and operator logs", | ||
| 654 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 654 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 655 | "referential_label": "ISO 27701", | 655 | "referential_label": "ISO 27701", | ||
| 656 | "uuid": "7405dca3-2282-47e2-ac19-1992ff0a0228" | 656 | "uuid": "7405dca3-2282-47e2-ac19-1992ff0a0228" | ||
| 657 | }, | 657 | }, | ||
| 658 | { | 658 | { | ||
| 659 | "category": "Operations security", | 659 | "category": "Operations security", | ||
| 660 | "code": "6.9.1.4", | 660 | "code": "6.9.1.4", | ||
| 661 | "label": "Separation of development testing and operational environments", | 661 | "label": "Separation of development testing and operational environments", | ||
| 662 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 662 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 663 | "referential_label": "ISO 27701", | 663 | "referential_label": "ISO 27701", | ||
| 664 | "uuid": "777d9c77-1093-4a4f-9c1f-ff9db9aa96c1" | 664 | "uuid": "777d9c77-1093-4a4f-9c1f-ff9db9aa96c1" | ||
| 665 | }, | 665 | }, | ||
| 666 | { | 666 | { | ||
| 667 | "category": "Physical and environment security", | 667 | "category": "Physical and environment security", | ||
| 668 | "code": "6.8.2.4", | 668 | "code": "6.8.2.4", | ||
| 669 | "label": "Equipment maintenance", | 669 | "label": "Equipment maintenance", | ||
| 670 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 670 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 671 | "referential_label": "ISO 27701", | 671 | "referential_label": "ISO 27701", | ||
| 672 | "uuid": "77d78b64-a53d-4a62-9b00-7bc4c6df5d99" | 672 | "uuid": "77d78b64-a53d-4a62-9b00-7bc4c6df5d99" | ||
| 673 | }, | 673 | }, | ||
| 674 | { | 674 | { | ||
| 675 | "category": "Performance Evaluation", | 675 | "category": "Performance Evaluation", | ||
| 676 | "code": "5.7.1", | 676 | "code": "5.7.1", | ||
| 677 | "label": "Monitoring measurement analysis and evaluation", | 677 | "label": "Monitoring measurement analysis and evaluation", | ||
| 678 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 678 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 679 | "referential_label": "ISO 27701", | 679 | "referential_label": "ISO 27701", | ||
| 680 | "uuid": "78bae82d-72d6-4b22-abc1-d49747a6dbad" | 680 | "uuid": "78bae82d-72d6-4b22-abc1-d49747a6dbad" | ||
| 681 | }, | 681 | }, | ||
| 682 | { | 682 | { | ||
| 683 | "category": "Systems acquisition development and maintenance", | 683 | "category": "Systems acquisition development and maintenance", | ||
| 684 | "code": "6.11.1.1", | 684 | "code": "6.11.1.1", | ||
| 685 | "label": "Information security requirements analysis and specification", | 685 | "label": "Information security requirements analysis and specification", | ||
| 686 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 686 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 687 | "referential_label": "ISO 27701", | 687 | "referential_label": "ISO 27701", | ||
| 688 | "uuid": "7b804877-23cc-4f04-9979-8b6f985d04b9" | 688 | "uuid": "7b804877-23cc-4f04-9979-8b6f985d04b9" | ||
| 689 | }, | 689 | }, | ||
| 690 | { | 690 | { | ||
| 691 | "category": "Performance Evaluation", | 691 | "category": "Performance Evaluation", | ||
| 692 | "code": "5.7.2", | 692 | "code": "5.7.2", | ||
| 693 | "label": "Internal audit", | 693 | "label": "Internal audit", | ||
| 694 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 694 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 695 | "referential_label": "ISO 27701", | 695 | "referential_label": "ISO 27701", | ||
| 696 | "uuid": "7b8aa5d2-9afa-4e76-a038-1bb4f169fc23" | 696 | "uuid": "7b8aa5d2-9afa-4e76-a038-1bb4f169fc23" | ||
| 697 | }, | 697 | }, | ||
| 698 | { | 698 | { | ||
| 699 | "category": "Privacy by design and privacy by default", | 699 | "category": "Privacy by design and privacy by default", | ||
| 700 | "code": "A.7.4.1", | 700 | "code": "A.7.4.1", | ||
| 701 | "label": "Limit collection", | 701 | "label": "Limit collection", | ||
| 702 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 702 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 703 | "referential_label": "ISO 27701", | 703 | "referential_label": "ISO 27701", | ||
| 704 | "uuid": "7bc37de2-8b17-4965-980c-94260e7c84c9" | 704 | "uuid": "7bc37de2-8b17-4965-980c-94260e7c84c9" | ||
| 705 | }, | 705 | }, | ||
| 706 | { | 706 | { | ||
| 707 | "category": "Communication security", | 707 | "category": "Communication security", | ||
| 708 | "code": "6.10.2.4", | 708 | "code": "6.10.2.4", | ||
| 709 | "label": "Confidentiality or non-disclosure agreements", | 709 | "label": "Confidentiality or non-disclosure agreements", | ||
| 710 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 710 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 711 | "referential_label": "ISO 27701", | 711 | "referential_label": "ISO 27701", | ||
| 712 | "uuid": "7fab270e-33dc-4df8-853b-770b47ed8b67" | 712 | "uuid": "7fab270e-33dc-4df8-853b-770b47ed8b67" | ||
| 713 | }, | 713 | }, | ||
| 714 | { | 714 | { | ||
| 715 | "category": "Information security incident management", | 715 | "category": "Information security incident management", | ||
| 716 | "code": "6.13.1.6", | 716 | "code": "6.13.1.6", | ||
| 717 | "label": "Learning from information security incidents", | 717 | "label": "Learning from information security incidents", | ||
| 718 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 718 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 719 | "referential_label": "ISO 27701", | 719 | "referential_label": "ISO 27701", | ||
| 720 | "uuid": "805044a1-7f8c-40b4-9a29-5a9724624a69" | 720 | "uuid": "805044a1-7f8c-40b4-9a29-5a9724624a69" | ||
| 721 | }, | 721 | }, | ||
| 722 | { | 722 | { | ||
| 723 | "category": "Asset Management", | 723 | "category": "Asset Management", | ||
| 724 | "code": "6.5.3.2", | 724 | "code": "6.5.3.2", | ||
| 725 | "label": "Disposal of media", | 725 | "label": "Disposal of media", | ||
| 726 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 726 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 727 | "referential_label": "ISO 27701", | 727 | "referential_label": "ISO 27701", | ||
| 728 | "uuid": "8247018f-5966-4fa1-86ed-74f89a17752d" | 728 | "uuid": "8247018f-5966-4fa1-86ed-74f89a17752d" | ||
| 729 | }, | 729 | }, | ||
| 730 | { | 730 | { | ||
| 731 | "category": "Access control", | 731 | "category": "Access control", | ||
| 732 | "code": "6.6.4.1", | 732 | "code": "6.6.4.1", | ||
| 733 | "label": "Information access restriction", | 733 | "label": "Information access restriction", | ||
| 734 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 734 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 735 | "referential_label": "ISO 27701", | 735 | "referential_label": "ISO 27701", | ||
| 736 | "uuid": "84f2f3dc-54c0-4b96-8d27-8f2ae47a2964" | 736 | "uuid": "84f2f3dc-54c0-4b96-8d27-8f2ae47a2964" | ||
| 737 | }, | 737 | }, | ||
| 738 | { | 738 | { | ||
| 739 | "category": "Compliance", | 739 | "category": "Compliance", | ||
| 740 | "code": "6.15.2.3", | 740 | "code": "6.15.2.3", | ||
| 741 | "label": "Technical compliance review", | 741 | "label": "Technical compliance review", | ||
| 742 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 742 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 743 | "referential_label": "ISO 27701", | 743 | "referential_label": "ISO 27701", | ||
| 744 | "uuid": "853373dc-8dc4-451e-b100-55d42aee4ffe" | 744 | "uuid": "853373dc-8dc4-451e-b100-55d42aee4ffe" | ||
| 745 | }, | 745 | }, | ||
| 746 | { | 746 | { | ||
| 747 | "category": "Asset Management", | 747 | "category": "Asset Management", | ||
| 748 | "code": "6.5.1.3", | 748 | "code": "6.5.1.3", | ||
| 749 | "label": "Acceptable Use of Assets", | 749 | "label": "Acceptable Use of Assets", | ||
| 750 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 750 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 751 | "referential_label": "ISO 27701", | 751 | "referential_label": "ISO 27701", | ||
| 752 | "uuid": "85b65a44-6cca-498f-ab76-1079d0bdfadc" | 752 | "uuid": "85b65a44-6cca-498f-ab76-1079d0bdfadc" | ||
| 753 | }, | 753 | }, | ||
| 754 | { | 754 | { | ||
| 755 | "category": "Conditions for collection and processing", | 755 | "category": "Conditions for collection and processing", | ||
| 756 | "code": "B.8.2.3", | 756 | "code": "B.8.2.3", | ||
| 757 | "label": "Marketing and advertising use", | 757 | "label": "Marketing and advertising use", | ||
| 758 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 758 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 759 | "referential_label": "ISO 27701", | 759 | "referential_label": "ISO 27701", | ||
| 760 | "uuid": "8862ca92-f431-48c6-b565-fd5fb9aa46d8" | 760 | "uuid": "8862ca92-f431-48c6-b565-fd5fb9aa46d8" | ||
| 761 | }, | 761 | }, | ||
| 762 | { | 762 | { | ||
| 763 | "category": "Organisation of information security", | 763 | "category": "Organisation of information security", | ||
| 764 | "code": "6.3.2.2", | 764 | "code": "6.3.2.2", | ||
| 765 | "label": "Teleworking", | 765 | "label": "Teleworking", | ||
| 766 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 766 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 767 | "referential_label": "ISO 27701", | 767 | "referential_label": "ISO 27701", | ||
| 768 | "uuid": "8bb579d1-e9c6-4883-92a9-185cb3987b66" | 768 | "uuid": "8bb579d1-e9c6-4883-92a9-185cb3987b66" | ||
| 769 | }, | 769 | }, | ||
| 770 | { | 770 | { | ||
| 771 | "category": "Leadership", | 771 | "category": "Leadership", | ||
| 772 | "code": "5.3.1", | 772 | "code": "5.3.1", | ||
| 773 | "label": "Leadership and commitment", | 773 | "label": "Leadership and commitment", | ||
| 774 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 774 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 775 | "referential_label": "ISO 27701", | 775 | "referential_label": "ISO 27701", | ||
| 776 | "uuid": "8d3a8ce7-3c35-4aed-8143-32f5d2279054" | 776 | "uuid": "8d3a8ce7-3c35-4aed-8143-32f5d2279054" | ||
| 777 | }, | 777 | }, | ||
| 778 | { | 778 | { | ||
| 779 | "category": "Leadership", | 779 | "category": "Leadership", | ||
| 780 | "code": "5.3.2", | 780 | "code": "5.3.2", | ||
| 781 | "label": "Policy", | 781 | "label": "Policy", | ||
| 782 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 782 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 783 | "referential_label": "ISO 27701", | 783 | "referential_label": "ISO 27701", | ||
| 784 | "uuid": "8d6462fd-5a10-4847-92d1-da2585439e5e" | 784 | "uuid": "8d6462fd-5a10-4847-92d1-da2585439e5e" | ||
| 785 | }, | 785 | }, | ||
| 786 | { | 786 | { | ||
| 787 | "category": "Privacy by design and privacy by default", | 787 | "category": "Privacy by design and privacy by default", | ||
| 788 | "code": "A.7.4.4", | 788 | "code": "A.7.4.4", | ||
| 789 | "label": "PII minimization objectives", | 789 | "label": "PII minimization objectives", | ||
| 790 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 790 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 791 | "referential_label": "ISO 27701", | 791 | "referential_label": "ISO 27701", | ||
| 792 | "uuid": "8e26c999-8f20-4cfc-8682-3d14c4d8315d" | 792 | "uuid": "8e26c999-8f20-4cfc-8682-3d14c4d8315d" | ||
| 793 | }, | 793 | }, | ||
| 794 | { | 794 | { | ||
| 795 | "category": "Conditions for collection and processing", | 795 | "category": "Conditions for collection and processing", | ||
| 796 | "code": "A.7.2.8", | 796 | "code": "A.7.2.8", | ||
| 797 | "label": "Records related to processing PII", | 797 | "label": "Records related to processing PII", | ||
| 798 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 798 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 799 | "referential_label": "ISO 27701", | 799 | "referential_label": "ISO 27701", | ||
| 800 | "uuid": "8e697e5d-c974-44eb-b973-d6c8ba916725" | 800 | "uuid": "8e697e5d-c974-44eb-b973-d6c8ba916725" | ||
| 801 | }, | 801 | }, | ||
| 802 | { | 802 | { | ||
| 803 | "category": "Asset Management", | 803 | "category": "Asset Management", | ||
| 804 | "code": "6.5.2.3", | 804 | "code": "6.5.2.3", | ||
| 805 | "label": "Handling of Assets", | 805 | "label": "Handling of Assets", | ||
| 806 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 806 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 807 | "referential_label": "ISO 27701", | 807 | "referential_label": "ISO 27701", | ||
| 808 | "uuid": "8f246d95-7e65-4fdf-a9bd-a567e537843e" | 808 | "uuid": "8f246d95-7e65-4fdf-a9bd-a567e537843e" | ||
| 809 | }, | 809 | }, | ||
| 810 | { | 810 | { | ||
| 811 | "category": "Context of the organization", | 811 | "category": "Context of the organization", | ||
| 812 | "code": "5.2.2", | 812 | "code": "5.2.2", | ||
| 813 | "label": "Understanding the needs and expectations of interested parties", | 813 | "label": "Understanding the needs and expectations of interested parties", | ||
| 814 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 814 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 815 | "referential_label": "ISO 27701", | 815 | "referential_label": "ISO 27701", | ||
| 816 | "uuid": "8f6ef571-4efe-4df1-bca5-92af7e966240" | 816 | "uuid": "8f6ef571-4efe-4df1-bca5-92af7e966240" | ||
| 817 | }, | 817 | }, | ||
| 818 | { | 818 | { | ||
| 819 | "category": "Systems acquisition development and maintenance", | 819 | "category": "Systems acquisition development and maintenance", | ||
| 820 | "code": "6.11.2.1", | 820 | "code": "6.11.2.1", | ||
| 821 | "label": "Secure development policy", | 821 | "label": "Secure development policy", | ||
| 822 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 822 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 823 | "referential_label": "ISO 27701", | 823 | "referential_label": "ISO 27701", | ||
| 824 | "uuid": "8fa447dd-b5e2-4be0-9784-4386ba03abf5" | 824 | "uuid": "8fa447dd-b5e2-4be0-9784-4386ba03abf5" | ||
| 825 | }, | 825 | }, | ||
| 826 | { | 826 | { | ||
| 827 | "category": "Asset Management", | 827 | "category": "Asset Management", | ||
| 828 | "code": "6.5.2.1", | 828 | "code": "6.5.2.1", | ||
| 829 | "label": "Classification of information", | 829 | "label": "Classification of information", | ||
| 830 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 830 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 831 | "referential_label": "ISO 27701", | 831 | "referential_label": "ISO 27701", | ||
| 832 | "uuid": "91bd3542-b178-4c2e-a62e-ba5d37360ca4" | 832 | "uuid": "91bd3542-b178-4c2e-a62e-ba5d37360ca4" | ||
| 833 | }, | 833 | }, | ||
| 834 | { | 834 | { | ||
| 835 | "category": "Systems acquisition development and maintenance", | 835 | "category": "Systems acquisition development and maintenance", | ||
| 836 | "code": "6.11.1.3", | 836 | "code": "6.11.1.3", | ||
| 837 | "label": "Protecting application services transactions", | 837 | "label": "Protecting application services transactions", | ||
| 838 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 838 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 839 | "referential_label": "ISO 27701", | 839 | "referential_label": "ISO 27701", | ||
| 840 | "uuid": "92cc1326-12da-4199-b805-9dfb5a6f5870" | 840 | "uuid": "92cc1326-12da-4199-b805-9dfb5a6f5870" | ||
| 841 | }, | 841 | }, | ||
| 842 | { | 842 | { | ||
| 843 | "category": "Supplier relationships", | 843 | "category": "Supplier relationships", | ||
| 844 | "code": "6.12.2.2", | 844 | "code": "6.12.2.2", | ||
| 845 | "label": "Managing changes to supplier services", | 845 | "label": "Managing changes to supplier services", | ||
| 846 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 846 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 847 | "referential_label": "ISO 27701", | 847 | "referential_label": "ISO 27701", | ||
| 848 | "uuid": "94aa96fa-a2fa-4507-bec5-05fe0db41b9f" | 848 | "uuid": "94aa96fa-a2fa-4507-bec5-05fe0db41b9f" | ||
| 849 | }, | 849 | }, | ||
| 850 | { | 850 | { | ||
| 851 | "category": "Information security objectives and planning to achieve them", | 851 | "category": "Information security objectives and planning to achieve them", | ||
| 852 | "code": "5.4.2", | 852 | "code": "5.4.2", | ||
| 853 | "label": "Information security objectives and planning to achieve them", | 853 | "label": "Information security objectives and planning to achieve them", | ||
| 854 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 854 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 855 | "referential_label": "ISO 27701", | 855 | "referential_label": "ISO 27701", | ||
| 856 | "uuid": "9a30e1ba-93d3-4e96-b8d9-663f2720e90a" | 856 | "uuid": "9a30e1ba-93d3-4e96-b8d9-663f2720e90a" | ||
| 857 | }, | 857 | }, | ||
| 858 | { | 858 | { | ||
| 859 | "category": "PII sharing transfer and disclosure", | 859 | "category": "PII sharing transfer and disclosure", | ||
| 860 | "code": "B.8.5.3", | 860 | "code": "B.8.5.3", | ||
| 861 | "label": "Records of PII disclosure to third parties", | 861 | "label": "Records of PII disclosure to third parties", | ||
| 862 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 862 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 863 | "referential_label": "ISO 27701", | 863 | "referential_label": "ISO 27701", | ||
| 864 | "uuid": "9b1c4774-db02-4e14-9b1b-c4fc81438413" | 864 | "uuid": "9b1c4774-db02-4e14-9b1b-c4fc81438413" | ||
| 865 | }, | 865 | }, | ||
| 866 | { | 866 | { | ||
| 867 | "category": "Access control", | 867 | "category": "Access control", | ||
| 868 | "code": "6.6.2.3", | 868 | "code": "6.6.2.3", | ||
| 869 | "label": "Management of privileged access rights", | 869 | "label": "Management of privileged access rights", | ||
| 870 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 870 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 871 | "referential_label": "ISO 27701", | 871 | "referential_label": "ISO 27701", | ||
| 872 | "uuid": "9bb3a441-d077-49a3-a20f-c91f431104e3" | 872 | "uuid": "9bb3a441-d077-49a3-a20f-c91f431104e3" | ||
| 873 | }, | 873 | }, | ||
| 874 | { | 874 | { | ||
| 875 | "category": "PII sharing transfer and disclosure", | 875 | "category": "PII sharing transfer and disclosure", | ||
| 876 | "code": "A.7.5.2", | 876 | "code": "A.7.5.2", | ||
| 877 | "label": "Countries and international organizations to which PII can be transferred", | 877 | "label": "Countries and international organizations to which PII can be transferred", | ||
| 878 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 878 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 879 | "referential_label": "ISO 27701", | 879 | "referential_label": "ISO 27701", | ||
| 880 | "uuid": "9cc453f9-ec65-4091-b72f-c4411023de64" | 880 | "uuid": "9cc453f9-ec65-4091-b72f-c4411023de64" | ||
| 881 | }, | 881 | }, | ||
| 882 | { | 882 | { | ||
| 883 | "category": "Supplier relationships", | 883 | "category": "Supplier relationships", | ||
| 884 | "code": "6.12.1.3", | 884 | "code": "6.12.1.3", | ||
| 885 | "label": "Information and communication technology supply chain", | 885 | "label": "Information and communication technology supply chain", | ||
| 886 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 886 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 887 | "referential_label": "ISO 27701", | 887 | "referential_label": "ISO 27701", | ||
| 888 | "uuid": "9d3cc972-695b-4700-b0ad-a53891329322" | 888 | "uuid": "9d3cc972-695b-4700-b0ad-a53891329322" | ||
| 889 | }, | 889 | }, | ||
| 890 | { | 890 | { | ||
| 891 | "category": "Cryptography", | 891 | "category": "Cryptography", | ||
| 892 | "code": "6.7.1.2", | 892 | "code": "6.7.1.2", | ||
| 893 | "label": "Key management", | 893 | "label": "Key management", | ||
| 894 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 894 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 895 | "referential_label": "ISO 27701", | 895 | "referential_label": "ISO 27701", | ||
| 896 | "uuid": "9eac1198-8099-4b6c-931c-f59fbc2ec30e" | 896 | "uuid": "9eac1198-8099-4b6c-931c-f59fbc2ec30e" | ||
| 897 | }, | 897 | }, | ||
| 898 | { | 898 | { | ||
| 899 | "category": "Human resources security", | 899 | "category": "Human resources security", | ||
| 900 | "code": "6.4.2.3", | 900 | "code": "6.4.2.3", | ||
| 901 | "label": "Disciplinary procedures", | 901 | "label": "Disciplinary procedures", | ||
| 902 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 902 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 903 | "referential_label": "ISO 27701", | 903 | "referential_label": "ISO 27701", | ||
| 904 | "uuid": "9f509e16-fd65-4121-8144-c2403c924dfb" | 904 | "uuid": "9f509e16-fd65-4121-8144-c2403c924dfb" | ||
| 905 | }, | 905 | }, | ||
| 906 | { | 906 | { | ||
| 907 | "category": "PII sharing transfer and disclosure", | 907 | "category": "PII sharing transfer and disclosure", | ||
| 908 | "code": "B.8.5.6", | 908 | "code": "B.8.5.6", | ||
| 909 | "label": "Disclosure of subcontractors used to process PII", | 909 | "label": "Disclosure of subcontractors used to process PII", | ||
| 910 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 910 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 911 | "referential_label": "ISO 27701", | 911 | "referential_label": "ISO 27701", | ||
| 912 | "uuid": "a0091b82-4864-49dc-a885-a27cd933d4aa" | 912 | "uuid": "a0091b82-4864-49dc-a885-a27cd933d4aa" | ||
| 913 | }, | 913 | }, | ||
| 914 | { | 914 | { | ||
| 915 | "category": "Operations security", | 915 | "category": "Operations security", | ||
| 916 | "code": "6.9.2.1", | 916 | "code": "6.9.2.1", | ||
| 917 | "label": "Controls against malware", | 917 | "label": "Controls against malware", | ||
| 918 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 918 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 919 | "referential_label": "ISO 27701", | 919 | "referential_label": "ISO 27701", | ||
| 920 | "uuid": "a0494662-1835-44f8-b600-df2d2bcdaf7f" | 920 | "uuid": "a0494662-1835-44f8-b600-df2d2bcdaf7f" | ||
| 921 | }, | 921 | }, | ||
| 922 | { | 922 | { | ||
| 923 | "category": "Obligations to PII principals", | 923 | "category": "Obligations to PII principals", | ||
| 924 | "code": "A.7.3.6", | 924 | "code": "A.7.3.6", | ||
| 925 | "label": "Access correction and/or erasure", | 925 | "label": "Access correction and/or erasure", | ||
| 926 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 926 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 927 | "referential_label": "ISO 27701", | 927 | "referential_label": "ISO 27701", | ||
| 928 | "uuid": "a1141b2f-868c-4c8c-bb32-911732b9adf9" | 928 | "uuid": "a1141b2f-868c-4c8c-bb32-911732b9adf9" | ||
| 929 | }, | 929 | }, | ||
| 930 | { | 930 | { | ||
| 931 | "category": "Leadership", | 931 | "category": "Leadership", | ||
| 932 | "code": "5.3.3", | 932 | "code": "5.3.3", | ||
| 933 | "label": "Organizational roles responsibilities and authorities", | 933 | "label": "Organizational roles responsibilities and authorities", | ||
| 934 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 934 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 935 | "referential_label": "ISO 27701", | 935 | "referential_label": "ISO 27701", | ||
| 936 | "uuid": "a3a2049e-f29c-4bae-9c23-d791feba7e0e" | 936 | "uuid": "a3a2049e-f29c-4bae-9c23-d791feba7e0e" | ||
| 937 | }, | 937 | }, | ||
| 938 | { | 938 | { | ||
| 939 | "category": "Support", | 939 | "category": "Support", | ||
| 940 | "code": "5.5.4", | 940 | "code": "5.5.4", | ||
| 941 | "label": "Communication", | 941 | "label": "Communication", | ||
| 942 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 942 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 943 | "referential_label": "ISO 27701", | 943 | "referential_label": "ISO 27701", | ||
| 944 | "uuid": "a3d0ca70-89d8-4e54-9ced-20159cf4e3bd" | 944 | "uuid": "a3d0ca70-89d8-4e54-9ced-20159cf4e3bd" | ||
| 945 | }, | 945 | }, | ||
| 946 | { | 946 | { | ||
| 947 | "category": "Compliance", | 947 | "category": "Compliance", | ||
| 948 | "code": "6.15.1.3", | 948 | "code": "6.15.1.3", | ||
| 949 | "label": "Protection of records", | 949 | "label": "Protection of records", | ||
| 950 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 950 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 951 | "referential_label": "ISO 27701", | 951 | "referential_label": "ISO 27701", | ||
| 952 | "uuid": "a66fa2a1-6237-4552-abd5-be6df3856d09" | 952 | "uuid": "a66fa2a1-6237-4552-abd5-be6df3856d09" | ||
| 953 | }, | 953 | }, | ||
| 954 | { | 954 | { | ||
| 955 | "category": "Access control", | 955 | "category": "Access control", | ||
| 956 | "code": "6.6.4.3", | 956 | "code": "6.6.4.3", | ||
| 957 | "label": "Password management system", | 957 | "label": "Password management system", | ||
| 958 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 958 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 959 | "referential_label": "ISO 27701", | 959 | "referential_label": "ISO 27701", | ||
| 960 | "uuid": "a681fb35-04d6-4adc-bde8-b044a26c970d" | 960 | "uuid": "a681fb35-04d6-4adc-bde8-b044a26c970d" | ||
| 961 | }, | 961 | }, | ||
| 962 | { | 962 | { | ||
| 963 | "category": "Compliance", | 963 | "category": "Compliance", | ||
| 964 | "code": "6.15.1.4", | 964 | "code": "6.15.1.4", | ||
| 965 | "label": "Privacy and protection of personally identifiable information", | 965 | "label": "Privacy and protection of personally identifiable information", | ||
| 966 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 966 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 967 | "referential_label": "ISO 27701", | 967 | "referential_label": "ISO 27701", | ||
| 968 | "uuid": "a77afead-e763-41a6-a803-af6b3d0a2cb2" | 968 | "uuid": "a77afead-e763-41a6-a803-af6b3d0a2cb2" | ||
| 969 | }, | 969 | }, | ||
| 970 | { | 970 | { | ||
| 971 | "category": "Supplier relationships", | 971 | "category": "Supplier relationships", | ||
| 972 | "code": "6.12.1.2", | 972 | "code": "6.12.1.2", | ||
| 973 | "label": "Addressing security within supplier agreements", | 973 | "label": "Addressing security within supplier agreements", | ||
| 974 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 974 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 975 | "referential_label": "ISO 27701", | 975 | "referential_label": "ISO 27701", | ||
| 976 | "uuid": "a793e4bc-6bd9-49a4-8c4b-4933dc7d2238" | 976 | "uuid": "a793e4bc-6bd9-49a4-8c4b-4933dc7d2238" | ||
| 977 | }, | 977 | }, | ||
| 978 | { | 978 | { | ||
| 979 | "category": "Information security aspects of business continuity management", | 979 | "category": "Information security aspects of business continuity management", | ||
| 980 | "code": "6.14.1.2", | 980 | "code": "6.14.1.2", | ||
| 981 | "label": "Implementing information security continuity", | 981 | "label": "Implementing information security continuity", | ||
| 982 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 982 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 983 | "referential_label": "ISO 27701", | 983 | "referential_label": "ISO 27701", | ||
| 984 | "uuid": "a86710e7-c5bf-4fa7-a311-8757ab2b801b" | 984 | "uuid": "a86710e7-c5bf-4fa7-a311-8757ab2b801b" | ||
| 985 | }, | 985 | }, | ||
| 986 | { | 986 | { | ||
| 987 | "category": "Operations security", | 987 | "category": "Operations security", | ||
| 988 | "code": "6.9.4.1", | 988 | "code": "6.9.4.1", | ||
| 989 | "label": "Event logging", | 989 | "label": "Event logging", | ||
| 990 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 990 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 991 | "referential_label": "ISO 27701", | 991 | "referential_label": "ISO 27701", | ||
| 992 | "uuid": "a87901f1-5d34-46af-afc7-0375e59721f6" | 992 | "uuid": "a87901f1-5d34-46af-afc7-0375e59721f6" | ||
| 993 | }, | 993 | }, | ||
| 994 | { | 994 | { | ||
| 995 | "category": "Supplier relationships", | 995 | "category": "Supplier relationships", | ||
| 996 | "code": "6.12.1.1", | 996 | "code": "6.12.1.1", | ||
| 997 | "label": "Information security policy for supplier relationships", | 997 | "label": "Information security policy for supplier relationships", | ||
| 998 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 998 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 999 | "referential_label": "ISO 27701", | 999 | "referential_label": "ISO 27701", | ||
| 1000 | "uuid": "a943f47f-6996-4490-b45d-9c427942c0a7" | 1000 | "uuid": "a943f47f-6996-4490-b45d-9c427942c0a7" | ||
| 1001 | }, | 1001 | }, | ||
| 1002 | { | 1002 | { | ||
| 1003 | "category": "Conditions for collection and processing", | 1003 | "category": "Conditions for collection and processing", | ||
| 1004 | "code": "B.8.2.2", | 1004 | "code": "B.8.2.2", | ||
| 1005 | "label": "Organization's purposes", | 1005 | "label": "Organization's purposes", | ||
| 1006 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1006 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1007 | "referential_label": "ISO 27701", | 1007 | "referential_label": "ISO 27701", | ||
| 1008 | "uuid": "a9d08b54-382a-4116-93a0-39d34495c711" | 1008 | "uuid": "a9d08b54-382a-4116-93a0-39d34495c711" | ||
| 1009 | }, | 1009 | }, | ||
| 1010 | { | 1010 | { | ||
| 1011 | "category": "Systems acquisition development and maintenance", | 1011 | "category": "Systems acquisition development and maintenance", | ||
| 1012 | "code": "6.11.2.5", | 1012 | "code": "6.11.2.5", | ||
| 1013 | "label": "Secure systems engineering principles", | 1013 | "label": "Secure systems engineering principles", | ||
| 1014 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1014 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1015 | "referential_label": "ISO 27701", | 1015 | "referential_label": "ISO 27701", | ||
| 1016 | "uuid": "af4c64b8-fc6e-4bd7-8679-3cc0d3c31480" | 1016 | "uuid": "af4c64b8-fc6e-4bd7-8679-3cc0d3c31480" | ||
| 1017 | }, | 1017 | }, | ||
| 1018 | { | 1018 | { | ||
| 1019 | "category": "Obligations to PII principals", | 1019 | "category": "Obligations to PII principals", | ||
| 1020 | "code": "A.7.3.9", | 1020 | "code": "A.7.3.9", | ||
| 1021 | "label": "Handling requests", | 1021 | "label": "Handling requests", | ||
| 1022 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1022 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1023 | "referential_label": "ISO 27701", | 1023 | "referential_label": "ISO 27701", | ||
| 1024 | "uuid": "b00f4fa5-5643-4b69-8d58-377007ed3696" | 1024 | "uuid": "b00f4fa5-5643-4b69-8d58-377007ed3696" | ||
| 1025 | }, | 1025 | }, | ||
| 1026 | { | 1026 | { | ||
| 1027 | "category": "Conditions for collection and processing", | 1027 | "category": "Conditions for collection and processing", | ||
| 1028 | "code": "B.8.2.4", | 1028 | "code": "B.8.2.4", | ||
| 1029 | "label": "Infringing instruction", | 1029 | "label": "Infringing instruction", | ||
| 1030 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1030 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1031 | "referential_label": "ISO 27701", | 1031 | "referential_label": "ISO 27701", | ||
| 1032 | "uuid": "b1bfc4bc-db05-4d94-9273-382562faefcd" | 1032 | "uuid": "b1bfc4bc-db05-4d94-9273-382562faefcd" | ||
| 1033 | }, | 1033 | }, | ||
| 1034 | { | 1034 | { | ||
| 1035 | "category": "Obligations to PII principals", | 1035 | "category": "Obligations to PII principals", | ||
| 1036 | "code": "A.7.3.7", | 1036 | "code": "A.7.3.7", | ||
| 1037 | "label": "PII controllers' obligations to inform third parties", | 1037 | "label": "PII controllers' obligations to inform third parties", | ||
| 1038 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1038 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1039 | "referential_label": "ISO 27701", | 1039 | "referential_label": "ISO 27701", | ||
| 1040 | "uuid": "b40b6f97-5f9b-4f0e-ae6f-317172cd942b" | 1040 | "uuid": "b40b6f97-5f9b-4f0e-ae6f-317172cd942b" | ||
| 1041 | }, | 1041 | }, | ||
| 1042 | { | 1042 | { | ||
| 1043 | "category": "Operations security", | 1043 | "category": "Operations security", | ||
| 1044 | "code": "6.9.3.1", | 1044 | "code": "6.9.3.1", | ||
| 1045 | "label": "Information backup", | 1045 | "label": "Information backup", | ||
| 1046 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1046 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1047 | "referential_label": "ISO 27701", | 1047 | "referential_label": "ISO 27701", | ||
| 1048 | "uuid": "b44c628f-e837-44d0-8392-8f936f8e86e4" | 1048 | "uuid": "b44c628f-e837-44d0-8392-8f936f8e86e4" | ||
| 1049 | }, | 1049 | }, | ||
| 1050 | { | 1050 | { | ||
| 1051 | "category": "Obligations to PII principals", | 1051 | "category": "Obligations to PII principals", | ||
| 1052 | "code": "A.7.3.3", | 1052 | "code": "A.7.3.3", | ||
| 1053 | "label": "Providing information to PII principals", | 1053 | "label": "Providing information to PII principals", | ||
| 1054 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1054 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1055 | "referential_label": "ISO 27701", | 1055 | "referential_label": "ISO 27701", | ||
| 1056 | "uuid": "b455a728-91ac-4a9e-bb29-ecd4505fa37b" | 1056 | "uuid": "b455a728-91ac-4a9e-bb29-ecd4505fa37b" | ||
| 1057 | }, | 1057 | }, | ||
| 1058 | { | 1058 | { | ||
| 1059 | "category": "Conditions for collection and processing", | 1059 | "category": "Conditions for collection and processing", | ||
| 1060 | "code": "A.7.2.5", | 1060 | "code": "A.7.2.5", | ||
| 1061 | "label": "Privacy impactassessment", | 1061 | "label": "Privacy impactassessment", | ||
| 1062 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1062 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1063 | "referential_label": "ISO 27701", | 1063 | "referential_label": "ISO 27701", | ||
| 1064 | "uuid": "b476a2b4-7eee-4e79-8910-d9e309d8c759" | 1064 | "uuid": "b476a2b4-7eee-4e79-8910-d9e309d8c759" | ||
| 1065 | }, | 1065 | }, | ||
| 1066 | { | 1066 | { | ||
| 1067 | "category": "Physical and environment security", | 1067 | "category": "Physical and environment security", | ||
| 1068 | "code": "6.8.1.6", | 1068 | "code": "6.8.1.6", | ||
| 1069 | "label": "Delivery and loading areas", | 1069 | "label": "Delivery and loading areas", | ||
| 1070 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1070 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1071 | "referential_label": "ISO 27701", | 1071 | "referential_label": "ISO 27701", | ||
| 1072 | "uuid": "b570b846-c1fb-4a9d-8f79-5dac6e4e5d87" | 1072 | "uuid": "b570b846-c1fb-4a9d-8f79-5dac6e4e5d87" | ||
| 1073 | }, | 1073 | }, | ||
| 1074 | { | 1074 | { | ||
| 1075 | "category": "Operations security", | 1075 | "category": "Operations security", | ||
| 1076 | "code": "6.9.6.1", | 1076 | "code": "6.9.6.1", | ||
| 1077 | "label": "Management of technical vulnerabilities", | 1077 | "label": "Management of technical vulnerabilities", | ||
| 1078 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1078 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1079 | "referential_label": "ISO 27701", | 1079 | "referential_label": "ISO 27701", | ||
| 1080 | "uuid": "b5c16404-bcfc-4756-8e42-8ba590803215" | 1080 | "uuid": "b5c16404-bcfc-4756-8e42-8ba590803215" | ||
| 1081 | }, | 1081 | }, | ||
| 1082 | { | 1082 | { | ||
| 1083 | "category": "Obligations to PII principals", | 1083 | "category": "Obligations to PII principals", | ||
| 1084 | "code": "A.7.3.1", | 1084 | "code": "A.7.3.1", | ||
| 1085 | "label": "Determining and fulfilling obligations to PII principals", | 1085 | "label": "Determining and fulfilling obligations to PII principals", | ||
| 1086 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1086 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1087 | "referential_label": "ISO 27701", | 1087 | "referential_label": "ISO 27701", | ||
| 1088 | "uuid": "bca25a95-8ac6-4b8f-857a-e7ceb72101dd" | 1088 | "uuid": "bca25a95-8ac6-4b8f-857a-e7ceb72101dd" | ||
| 1089 | }, | 1089 | }, | ||
| 1090 | { | 1090 | { | ||
| 1091 | "category": "Performance Evaluation", | 1091 | "category": "Performance Evaluation", | ||
| 1092 | "code": "5.7.3", | 1092 | "code": "5.7.3", | ||
| 1093 | "label": "Management review", | 1093 | "label": "Management review", | ||
| 1094 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1094 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1095 | "referential_label": "ISO 27701", | 1095 | "referential_label": "ISO 27701", | ||
| 1096 | "uuid": "bd47b036-1585-4f1f-a648-66f681971779" | 1096 | "uuid": "bd47b036-1585-4f1f-a648-66f681971779" | ||
| 1097 | }, | 1097 | }, | ||
| 1098 | { | 1098 | { | ||
| 1099 | "category": "Access control", | 1099 | "category": "Access control", | ||
| 1100 | "code": "6.6.2.5", | 1100 | "code": "6.6.2.5", | ||
| 1101 | "label": "Review of user access rights", | 1101 | "label": "Review of user access rights", | ||
| 1102 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1102 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1103 | "referential_label": "ISO 27701", | 1103 | "referential_label": "ISO 27701", | ||
| 1104 | "uuid": "bef5cb25-c14c-473a-b987-1faad4c6be6e" | 1104 | "uuid": "bef5cb25-c14c-473a-b987-1faad4c6be6e" | ||
| 1105 | }, | 1105 | }, | ||
| 1106 | { | 1106 | { | ||
| 1107 | "category": "Obligations to PII principals", | 1107 | "category": "Obligations to PII principals", | ||
| 1108 | "code": "A.7.3.4", | 1108 | "code": "A.7.3.4", | ||
| 1109 | "label": "Providing mechanism to modify or withdraw consent", | 1109 | "label": "Providing mechanism to modify or withdraw consent", | ||
| 1110 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1110 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1111 | "referential_label": "ISO 27701", | 1111 | "referential_label": "ISO 27701", | ||
| 1112 | "uuid": "c0b08efb-ff1b-4c47-8cb6-c78860818c90" | 1112 | "uuid": "c0b08efb-ff1b-4c47-8cb6-c78860818c90" | ||
| 1113 | }, | 1113 | }, | ||
| 1114 | { | 1114 | { | ||
| 1115 | "category": "Obligations to PII principals", | 1115 | "category": "Obligations to PII principals", | ||
| 1116 | "code": "A.7.3.10", | 1116 | "code": "A.7.3.10", | ||
| 1117 | "label": "Automated decision making", | 1117 | "label": "Automated decision making", | ||
| 1118 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1118 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1119 | "referential_label": "ISO 27701", | 1119 | "referential_label": "ISO 27701", | ||
| 1120 | "uuid": "c1301d3d-096c-412b-9fc4-80bf6bd2ce4c" | 1120 | "uuid": "c1301d3d-096c-412b-9fc4-80bf6bd2ce4c" | ||
| 1121 | }, | 1121 | }, | ||
| 1122 | { | 1122 | { | ||
| 1123 | "category": "PII sharing transfer and disclosure", | 1123 | "category": "PII sharing transfer and disclosure", | ||
| 1124 | "code": "A.7.5.1", | 1124 | "code": "A.7.5.1", | ||
| 1125 | "label": "Identify basis for PII transfer between jurisdictions", | 1125 | "label": "Identify basis for PII transfer between jurisdictions", | ||
| 1126 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1126 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1127 | "referential_label": "ISO 27701", | 1127 | "referential_label": "ISO 27701", | ||
| 1128 | "uuid": "c1975c78-d5c7-4294-b794-7bf70c443cdf" | 1128 | "uuid": "c1975c78-d5c7-4294-b794-7bf70c443cdf" | ||
| 1129 | }, | 1129 | }, | ||
| 1130 | { | 1130 | { | ||
| 1131 | "category": "Supplier relationships", | 1131 | "category": "Supplier relationships", | ||
| 1132 | "code": "6.12.2.1", | 1132 | "code": "6.12.2.1", | ||
| 1133 | "label": "Monitoring and review of supplier services", | 1133 | "label": "Monitoring and review of supplier services", | ||
| 1134 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1134 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1135 | "referential_label": "ISO 27701", | 1135 | "referential_label": "ISO 27701", | ||
| 1136 | "uuid": "c293ea96-ba7c-4c2c-b8f2-34b2fd13c6b7" | 1136 | "uuid": "c293ea96-ba7c-4c2c-b8f2-34b2fd13c6b7" | ||
| 1137 | }, | 1137 | }, | ||
| 1138 | { | 1138 | { | ||
| 1139 | "category": "Conditions for collection and processing", | 1139 | "category": "Conditions for collection and processing", | ||
| 1140 | "code": "A.7.2.2", | 1140 | "code": "A.7.2.2", | ||
| 1141 | "label": "Identify lawful basis", | 1141 | "label": "Identify lawful basis", | ||
| 1142 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1142 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1143 | "referential_label": "ISO 27701", | 1143 | "referential_label": "ISO 27701", | ||
| 1144 | "uuid": "c4709dc0-24a8-4e1d-962c-2fafb958de37" | 1144 | "uuid": "c4709dc0-24a8-4e1d-962c-2fafb958de37" | ||
| 1145 | }, | 1145 | }, | ||
| 1146 | { | 1146 | { | ||
| 1147 | "category": "Actions to address risks and opportunities", | 1147 | "category": "Actions to address risks and opportunities", | ||
| 1148 | "code": "5.4.1.1", | 1148 | "code": "5.4.1.1", | ||
| 1149 | "label": "Actions to address risks and opportunities - General", | 1149 | "label": "Actions to address risks and opportunities - General", | ||
| 1150 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1150 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1151 | "referential_label": "ISO 27701", | 1151 | "referential_label": "ISO 27701", | ||
| 1152 | "uuid": "c4d6e81f-91e4-4c90-afa2-433afaad05f4" | 1152 | "uuid": "c4d6e81f-91e4-4c90-afa2-433afaad05f4" | ||
| 1153 | }, | 1153 | }, | ||
| 1154 | { | 1154 | { | ||
| 1155 | "category": "Organisation of information security", | 1155 | "category": "Organisation of information security", | ||
| 1156 | "code": "6.3.2.1", | 1156 | "code": "6.3.2.1", | ||
| 1157 | "label": "Mobile device policy", | 1157 | "label": "Mobile device policy", | ||
| 1158 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1158 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1159 | "referential_label": "ISO 27701", | 1159 | "referential_label": "ISO 27701", | ||
| 1160 | "uuid": "c690cf3c-e020-450d-865e-32fdc36a609f" | 1160 | "uuid": "c690cf3c-e020-450d-865e-32fdc36a609f" | ||
| 1161 | }, | 1161 | }, | ||
| 1162 | { | 1162 | { | ||
| 1163 | "category": "Physical and environment security", | 1163 | "category": "Physical and environment security", | ||
| 1164 | "code": "6.8.2.7", | 1164 | "code": "6.8.2.7", | ||
| 1165 | "label": "Secure disposal or re-use of equipment", | 1165 | "label": "Secure disposal or re-use of equipment", | ||
| 1166 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1166 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1167 | "referential_label": "ISO 27701", | 1167 | "referential_label": "ISO 27701", | ||
| 1168 | "uuid": "c6923895-042d-4e83-bd6e-9195e74e3188" | 1168 | "uuid": "c6923895-042d-4e83-bd6e-9195e74e3188" | ||
| 1169 | }, | 1169 | }, | ||
| 1170 | { | 1170 | { | ||
| 1171 | "category": "Physical and environment security", | 1171 | "category": "Physical and environment security", | ||
| 1172 | "code": "6.8.1.1", | 1172 | "code": "6.8.1.1", | ||
| 1173 | "label": "Physical security perimeter", | 1173 | "label": "Physical security perimeter", | ||
| 1174 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1174 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1175 | "referential_label": "ISO 27701", | 1175 | "referential_label": "ISO 27701", | ||
| 1176 | "uuid": "c7790c91-5a58-4d1f-9df1-942d4a3ef273" | 1176 | "uuid": "c7790c91-5a58-4d1f-9df1-942d4a3ef273" | ||
| 1177 | }, | 1177 | }, | ||
| 1178 | { | 1178 | { | ||
| 1179 | "category": "Operations security", | 1179 | "category": "Operations security", | ||
| 1180 | "code": "6.9.7.1", | 1180 | "code": "6.9.7.1", | ||
| 1181 | "label": "Information systems audit controls", | 1181 | "label": "Information systems audit controls", | ||
| 1182 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1182 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1183 | "referential_label": "ISO 27701", | 1183 | "referential_label": "ISO 27701", | ||
| 1184 | "uuid": "c8ec4174-841c-4de4-9685-342e1933351c" | 1184 | "uuid": "c8ec4174-841c-4de4-9685-342e1933351c" | ||
| 1185 | }, | 1185 | }, | ||
| 1186 | { | 1186 | { | ||
| 1187 | "category": "PII sharing transfer and disclosure", | 1187 | "category": "PII sharing transfer and disclosure", | ||
| 1188 | "code": "A.7.5.3", | 1188 | "code": "A.7.5.3", | ||
| 1189 | "label": "Records of transfer of PII", | 1189 | "label": "Records of transfer of PII", | ||
| 1190 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1190 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1191 | "referential_label": "ISO 27701", | 1191 | "referential_label": "ISO 27701", | ||
| 1192 | "uuid": "c8feff26-b7e6-4fc0-8067-978ab64f096e" | 1192 | "uuid": "c8feff26-b7e6-4fc0-8067-978ab64f096e" | ||
| 1193 | }, | 1193 | }, | ||
| 1194 | { | 1194 | { | ||
| 1195 | "category": "Privacy by design and privacy by default", | 1195 | "category": "Privacy by design and privacy by default", | ||
| 1196 | "code": "A.7.4.9", | 1196 | "code": "A.7.4.9", | ||
| 1197 | "label": "PII transmission controls", | 1197 | "label": "PII transmission controls", | ||
| 1198 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1198 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1199 | "referential_label": "ISO 27701", | 1199 | "referential_label": "ISO 27701", | ||
| 1200 | "uuid": "cc79433d-bd1b-40eb-9960-5fae6ee09216" | 1200 | "uuid": "cc79433d-bd1b-40eb-9960-5fae6ee09216" | ||
| 1201 | }, | 1201 | }, | ||
| 1202 | { | 1202 | { | ||
| 1203 | "category": "PII sharing transfer and disclosure", | 1203 | "category": "PII sharing transfer and disclosure", | ||
| 1204 | "code": "B.8.5.2", | 1204 | "code": "B.8.5.2", | ||
| 1205 | "label": "Countries and international organizations to which PII can be transferred", | 1205 | "label": "Countries and international organizations to which PII can be transferred", | ||
| 1206 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1206 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1207 | "referential_label": "ISO 27701", | 1207 | "referential_label": "ISO 27701", | ||
| 1208 | "uuid": "cca8434a-1f0f-48ec-9358-2f3ee5a712da" | 1208 | "uuid": "cca8434a-1f0f-48ec-9358-2f3ee5a712da" | ||
| 1209 | }, | 1209 | }, | ||
| 1210 | { | 1210 | { | ||
| 1211 | "category": "Conditions for collection and processing", | 1211 | "category": "Conditions for collection and processing", | ||
| 1212 | "code": "A.7.2.1", | 1212 | "code": "A.7.2.1", | ||
| 1213 | "label": "Identify and document purpose", | 1213 | "label": "Identify and document purpose", | ||
| 1214 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1214 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1215 | "referential_label": "ISO 27701", | 1215 | "referential_label": "ISO 27701", | ||
| 1216 | "uuid": "cd1267a3-0a09-402c-ada9-85c9291aac26" | 1216 | "uuid": "cd1267a3-0a09-402c-ada9-85c9291aac26" | ||
| 1217 | }, | 1217 | }, | ||
| 1218 | { | 1218 | { | ||
| 1219 | "category": "Systems acquisition development and maintenance", | 1219 | "category": "Systems acquisition development and maintenance", | ||
| 1220 | "code": "6.11.3.1", | 1220 | "code": "6.11.3.1", | ||
| 1221 | "label": "Protection of test data", | 1221 | "label": "Protection of test data", | ||
| 1222 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1222 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1223 | "referential_label": "ISO 27701", | 1223 | "referential_label": "ISO 27701", | ||
| 1224 | "uuid": "cdb15fe9-9808-4749-8747-c284018cccf0" | 1224 | "uuid": "cdb15fe9-9808-4749-8747-c284018cccf0" | ||
| 1225 | }, | 1225 | }, | ||
| 1226 | { | 1226 | { | ||
| 1227 | "category": "Information security aspects of business continuity management", | 1227 | "category": "Information security aspects of business continuity management", | ||
| 1228 | "code": "6.14.1.1", | 1228 | "code": "6.14.1.1", | ||
| 1229 | "label": "Planning information security continuity", | 1229 | "label": "Planning information security continuity", | ||
| 1230 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1230 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1231 | "referential_label": "ISO 27701", | 1231 | "referential_label": "ISO 27701", | ||
| 1232 | "uuid": "cfec872a-4fb3-4364-91dc-475236cc2f93" | 1232 | "uuid": "cfec872a-4fb3-4364-91dc-475236cc2f93" | ||
| 1233 | }, | 1233 | }, | ||
| 1234 | { | 1234 | { | ||
| 1235 | "category": "Privacy by design and privacy by default", | 1235 | "category": "Privacy by design and privacy by default", | ||
| 1236 | "code": "B.8.4.1", | 1236 | "code": "B.8.4.1", | ||
| 1237 | "label": "Temporary files", | 1237 | "label": "Temporary files", | ||
| 1238 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1238 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1239 | "referential_label": "ISO 27701", | 1239 | "referential_label": "ISO 27701", | ||
| 1240 | "uuid": "d16fc0f9-ab36-49b6-a4ad-4d8d0120f0a1" | 1240 | "uuid": "d16fc0f9-ab36-49b6-a4ad-4d8d0120f0a1" | ||
| 1241 | }, | 1241 | }, | ||
| 1242 | { | 1242 | { | ||
| 1243 | "category": "Operations security", | 1243 | "category": "Operations security", | ||
| 1244 | "code": "6.9.4.2", | 1244 | "code": "6.9.4.2", | ||
| 1245 | "label": "Protection of log information", | 1245 | "label": "Protection of log information", | ||
| 1246 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1246 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1247 | "referential_label": "ISO 27701", | 1247 | "referential_label": "ISO 27701", | ||
| 1248 | "uuid": "d21603d6-f97e-4b20-bdf6-7bf5248277cb" | 1248 | "uuid": "d21603d6-f97e-4b20-bdf6-7bf5248277cb" | ||
| 1249 | }, | 1249 | }, | ||
| 1250 | { | 1250 | { | ||
| 1251 | "category": "Conditions for collection and processing", | 1251 | "category": "Conditions for collection and processing", | ||
| 1252 | "code": "B.8.2.5", | 1252 | "code": "B.8.2.5", | ||
| 1253 | "label": "Customer obligations", | 1253 | "label": "Customer obligations", | ||
| 1254 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1254 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1255 | "referential_label": "ISO 27701", | 1255 | "referential_label": "ISO 27701", | ||
| 1256 | "uuid": "d2b79e78-5e9b-4a6d-94f7-855274b7831f" | 1256 | "uuid": "d2b79e78-5e9b-4a6d-94f7-855274b7831f" | ||
| 1257 | }, | 1257 | }, | ||
| 1258 | { | 1258 | { | ||
| 1259 | "category": "Asset Management", | 1259 | "category": "Asset Management", | ||
| 1260 | "code": "6.5.2.2", | 1260 | "code": "6.5.2.2", | ||
| 1261 | "label": "Labelling of information", | 1261 | "label": "Labelling of information", | ||
| 1262 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1262 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1263 | "referential_label": "ISO 27701", | 1263 | "referential_label": "ISO 27701", | ||
| 1264 | "uuid": "d313624f-8213-4f20-b536-b859e8b8c429" | 1264 | "uuid": "d313624f-8213-4f20-b536-b859e8b8c429" | ||
| 1265 | }, | 1265 | }, | ||
| 1266 | { | 1266 | { | ||
| 1267 | "category": "Systems acquisition development and maintenance", | 1267 | "category": "Systems acquisition development and maintenance", | ||
| 1268 | "code": "6.11.2.9", | 1268 | "code": "6.11.2.9", | ||
| 1269 | "label": "System acceptance testing", | 1269 | "label": "System acceptance testing", | ||
| 1270 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1270 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1271 | "referential_label": "ISO 27701", | 1271 | "referential_label": "ISO 27701", | ||
| 1272 | "uuid": "d3f5b543-cd6b-4645-8395-e9d00cfdbeb6" | 1272 | "uuid": "d3f5b543-cd6b-4645-8395-e9d00cfdbeb6" | ||
| 1273 | }, | 1273 | }, | ||
| 1274 | { | 1274 | { | ||
| 1275 | "category": "Obligations to PII principals", | 1275 | "category": "Obligations to PII principals", | ||
| 1276 | "code": "A.7.3.5", | 1276 | "code": "A.7.3.5", | ||
| 1277 | "label": "Providing mechanism to object to PIIprocessing", | 1277 | "label": "Providing mechanism to object to PIIprocessing", | ||
| 1278 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1278 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1279 | "referential_label": "ISO 27701", | 1279 | "referential_label": "ISO 27701", | ||
| 1280 | "uuid": "d462468f-b212-4c90-aed2-18dc60db95ce" | 1280 | "uuid": "d462468f-b212-4c90-aed2-18dc60db95ce" | ||
| 1281 | }, | 1281 | }, | ||
| 1282 | { | 1282 | { | ||
| 1283 | "category": "Conditions for collection and processing", | 1283 | "category": "Conditions for collection and processing", | ||
| 1284 | "code": "B.8.2.1", | 1284 | "code": "B.8.2.1", | ||
| 1285 | "label": "Customer agreement", | 1285 | "label": "Customer agreement", | ||
| 1286 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1286 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1287 | "referential_label": "ISO 27701", | 1287 | "referential_label": "ISO 27701", | ||
| 1288 | "uuid": "d5cde1bc-d630-4a7e-b7c0-04dbae6bff30" | 1288 | "uuid": "d5cde1bc-d630-4a7e-b7c0-04dbae6bff30" | ||
| 1289 | }, | 1289 | }, | ||
| 1290 | { | 1290 | { | ||
| 1291 | "category": "Communication security", | 1291 | "category": "Communication security", | ||
| 1292 | "code": "6.10.2.1", | 1292 | "code": "6.10.2.1", | ||
| 1293 | "label": "Information transfer policies and procedures", | 1293 | "label": "Information transfer policies and procedures", | ||
| 1294 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1294 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1295 | "referential_label": "ISO 27701", | 1295 | "referential_label": "ISO 27701", | ||
| 1296 | "uuid": "d649f805-1142-4fcf-a119-ae76f392708a" | 1296 | "uuid": "d649f805-1142-4fcf-a119-ae76f392708a" | ||
| 1297 | }, | 1297 | }, | ||
| 1298 | { | 1298 | { | ||
| 1299 | "category": "PII sharing transfer and disclosure", | 1299 | "category": "PII sharing transfer and disclosure", | ||
| 1300 | "code": "B.8.5.4", | 1300 | "code": "B.8.5.4", | ||
| 1301 | "label": "Notification of PII disclosure requests", | 1301 | "label": "Notification of PII disclosure requests", | ||
| 1302 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1302 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1303 | "referential_label": "ISO 27701", | 1303 | "referential_label": "ISO 27701", | ||
| 1304 | "uuid": "d9273c35-a712-46b9-9754-b96cb49d2332" | 1304 | "uuid": "d9273c35-a712-46b9-9754-b96cb49d2332" | ||
| 1305 | }, | 1305 | }, | ||
| 1306 | { | 1306 | { | ||
| 1307 | "category": "Conditions for collection and processing", | 1307 | "category": "Conditions for collection and processing", | ||
| 1308 | "code": "B.8.2.6", | 1308 | "code": "B.8.2.6", | ||
| 1309 | "label": "Records related to processing PII", | 1309 | "label": "Records related to processing PII", | ||
| 1310 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1310 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1311 | "referential_label": "ISO 27701", | 1311 | "referential_label": "ISO 27701", | ||
| 1312 | "uuid": "d9a470ad-a071-4ace-9662-8dc18a96b361" | 1312 | "uuid": "d9a470ad-a071-4ace-9662-8dc18a96b361" | ||
| 1313 | }, | 1313 | }, | ||
| 1314 | { | 1314 | { | ||
| 1315 | "category": "Operations security", | 1315 | "category": "Operations security", | ||
| 1316 | "code": "6.9.4.4", | 1316 | "code": "6.9.4.4", | ||
| 1317 | "label": "Clock synchronisation", | 1317 | "label": "Clock synchronisation", | ||
| 1318 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1318 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1319 | "referential_label": "ISO 27701", | 1319 | "referential_label": "ISO 27701", | ||
| 1320 | "uuid": "d9e0e545-7b42-4899-8e56-7f9fc6fce85f" | 1320 | "uuid": "d9e0e545-7b42-4899-8e56-7f9fc6fce85f" | ||
| 1321 | }, | 1321 | }, | ||
| 1322 | { | 1322 | { | ||
| 1323 | "category": "Physical and environment security", | 1323 | "category": "Physical and environment security", | ||
| 1324 | "code": "6.8.2.8", | 1324 | "code": "6.8.2.8", | ||
| 1325 | "label": "Unattended user equipment", | 1325 | "label": "Unattended user equipment", | ||
| 1326 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1326 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1327 | "referential_label": "ISO 27701", | 1327 | "referential_label": "ISO 27701", | ||
| 1328 | "uuid": "d9e2a570-4155-4970-88d7-809179ac7f31" | 1328 | "uuid": "d9e2a570-4155-4970-88d7-809179ac7f31" | ||
| 1329 | }, | 1329 | }, | ||
| 1330 | { | 1330 | { | ||
| 1331 | "category": "Privacy by design and privacy by default", | 1331 | "category": "Privacy by design and privacy by default", | ||
| 1332 | "code": "A.7.4.8", | 1332 | "code": "A.7.4.8", | ||
| 1333 | "label": "Disposal", | 1333 | "label": "Disposal", | ||
| 1334 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1334 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1335 | "referential_label": "ISO 27701", | 1335 | "referential_label": "ISO 27701", | ||
| 1336 | "uuid": "db2c9e1b-aac1-418c-911e-00eb01cdef6c" | 1336 | "uuid": "db2c9e1b-aac1-418c-911e-00eb01cdef6c" | ||
| 1337 | }, | 1337 | }, | ||
| 1338 | { | 1338 | { | ||
| 1339 | "category": "PII sharing transfer and disclosure", | 1339 | "category": "PII sharing transfer and disclosure", | ||
| 1340 | "code": "B.8.5.7", | 1340 | "code": "B.8.5.7", | ||
| 1341 | "label": "Engagement of a subcontractor to process PII", | 1341 | "label": "Engagement of a subcontractor to process PII", | ||
| 1342 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1342 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1343 | "referential_label": "ISO 27701", | 1343 | "referential_label": "ISO 27701", | ||
| 1344 | "uuid": "dccd6bfd-aff7-4b01-8004-4d7eb3348484" | 1344 | "uuid": "dccd6bfd-aff7-4b01-8004-4d7eb3348484" | ||
| 1345 | }, | 1345 | }, | ||
| 1346 | { | 1346 | { | ||
| 1347 | "category": "Physical and environment security", | 1347 | "category": "Physical and environment security", | ||
| 1348 | "code": "6.8.2.1", | 1348 | "code": "6.8.2.1", | ||
| 1349 | "label": "Equipment siting and protection", | 1349 | "label": "Equipment siting and protection", | ||
| 1350 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1350 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1351 | "referential_label": "ISO 27701", | 1351 | "referential_label": "ISO 27701", | ||
| 1352 | "uuid": "dcf6c663-23fc-450b-8d46-be3c48bc049a" | 1352 | "uuid": "dcf6c663-23fc-450b-8d46-be3c48bc049a" | ||
| 1353 | }, | 1353 | }, | ||
| 1354 | { | 1354 | { | ||
| 1355 | "category": "Information security incident management", | 1355 | "category": "Information security incident management", | ||
| 1356 | "code": "6.13.1.5", | 1356 | "code": "6.13.1.5", | ||
| 1357 | "label": "Response to information security incidents", | 1357 | "label": "Response to information security incidents", | ||
| 1358 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1358 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1359 | "referential_label": "ISO 27701", | 1359 | "referential_label": "ISO 27701", | ||
| 1360 | "uuid": "dd2c4b83-0077-4f70-99b1-74127969c19b" | 1360 | "uuid": "dd2c4b83-0077-4f70-99b1-74127969c19b" | ||
| 1361 | }, | 1361 | }, | ||
| 1362 | { | 1362 | { | ||
| 1363 | "category": "Human resources security", | 1363 | "category": "Human resources security", | ||
| 1364 | "code": "6.4.3.1", | 1364 | "code": "6.4.3.1", | ||
| 1365 | "label": "Termination or change of employment responsibilities", | 1365 | "label": "Termination or change of employment responsibilities", | ||
| 1366 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1366 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1367 | "referential_label": "ISO 27701", | 1367 | "referential_label": "ISO 27701", | ||
| 1368 | "uuid": "dd48169a-e980-4e58-804b-fb283786415c" | 1368 | "uuid": "dd48169a-e980-4e58-804b-fb283786415c" | ||
| 1369 | }, | 1369 | }, | ||
| 1370 | { | 1370 | { | ||
| 1371 | "category": "Communication security", | 1371 | "category": "Communication security", | ||
| 1372 | "code": "6.10.1.1", | 1372 | "code": "6.10.1.1", | ||
| 1373 | "label": "Network controls", | 1373 | "label": "Network controls", | ||
| 1374 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1374 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1375 | "referential_label": "ISO 27701", | 1375 | "referential_label": "ISO 27701", | ||
| 1376 | "uuid": "de3adccd-edfe-4379-9b4a-f8243baa6afc" | 1376 | "uuid": "de3adccd-edfe-4379-9b4a-f8243baa6afc" | ||
| 1377 | }, | 1377 | }, | ||
| 1378 | { | 1378 | { | ||
| 1379 | "category": "PII sharing transfer and disclosure", | 1379 | "category": "PII sharing transfer and disclosure", | ||
| 1380 | "code": "A.7.5.4", | 1380 | "code": "A.7.5.4", | ||
| 1381 | "label": "Records of PII disclosure to third parties", | 1381 | "label": "Records of PII disclosure to third parties", | ||
| 1382 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1382 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1383 | "referential_label": "ISO 27701", | 1383 | "referential_label": "ISO 27701", | ||
| 1384 | "uuid": "df68917b-f26e-4511-92c1-3b77be11df0f" | 1384 | "uuid": "df68917b-f26e-4511-92c1-3b77be11df0f" | ||
| 1385 | }, | 1385 | }, | ||
| 1386 | { | 1386 | { | ||
| 1387 | "category": "Privacy by design and privacy by default", | 1387 | "category": "Privacy by design and privacy by default", | ||
| 1388 | "code": "A.7.4.7", | 1388 | "code": "A.7.4.7", | ||
| 1389 | "label": "Retention", | 1389 | "label": "Retention", | ||
| 1390 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1390 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1391 | "referential_label": "ISO 27701", | 1391 | "referential_label": "ISO 27701", | ||
| 1392 | "uuid": "e1ea896d-cf46-4a7a-a1ad-a4c3ea188866" | 1392 | "uuid": "e1ea896d-cf46-4a7a-a1ad-a4c3ea188866" | ||
| 1393 | }, | 1393 | }, | ||
| 1394 | { | 1394 | { | ||
| 1395 | "category": "Obligations to PII principals", | 1395 | "category": "Obligations to PII principals", | ||
| 1396 | "code": "B.8.3.1", | 1396 | "code": "B.8.3.1", | ||
| 1397 | "label": "Obligations to PII principals", | 1397 | "label": "Obligations to PII principals", | ||
| 1398 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1398 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1399 | "referential_label": "ISO 27701", | 1399 | "referential_label": "ISO 27701", | ||
| 1400 | "uuid": "e7247cf7-a80b-4f1d-a32b-9ddd79a84371" | 1400 | "uuid": "e7247cf7-a80b-4f1d-a32b-9ddd79a84371" | ||
| 1401 | }, | 1401 | }, | ||
| 1402 | { | 1402 | { | ||
| 1403 | "category": "Physical and environment security", | 1403 | "category": "Physical and environment security", | ||
| 1404 | "code": "6.8.2.3", | 1404 | "code": "6.8.2.3", | ||
| 1405 | "label": "Cabling security", | 1405 | "label": "Cabling security", | ||
| 1406 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1406 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1407 | "referential_label": "ISO 27701", | 1407 | "referential_label": "ISO 27701", | ||
| 1408 | "uuid": "e7f6a752-9122-47cd-a52b-6c6ee7e182f5" | 1408 | "uuid": "e7f6a752-9122-47cd-a52b-6c6ee7e182f5" | ||
| 1409 | }, | 1409 | }, | ||
| 1410 | { | 1410 | { | ||
| 1411 | "category": "Actions to address risks and opportunities", | 1411 | "category": "Actions to address risks and opportunities", | ||
| 1412 | "code": "5.4.1.3", | 1412 | "code": "5.4.1.3", | ||
| 1413 | "label": "Information Security Risk Treatment", | 1413 | "label": "Information Security Risk Treatment", | ||
| 1414 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1414 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1415 | "referential_label": "ISO 27701", | 1415 | "referential_label": "ISO 27701", | ||
| 1416 | "uuid": "e9ba3458-e01f-43e0-9883-7b53a2c8b1a3" | 1416 | "uuid": "e9ba3458-e01f-43e0-9883-7b53a2c8b1a3" | ||
| 1417 | }, | 1417 | }, | ||
| 1418 | { | 1418 | { | ||
| 1419 | "category": "Access control", | 1419 | "category": "Access control", | ||
| 1420 | "code": "6.6.2.6", | 1420 | "code": "6.6.2.6", | ||
| 1421 | "label": "Removal or adjustment of access rights", | 1421 | "label": "Removal or adjustment of access rights", | ||
| 1422 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1422 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1423 | "referential_label": "ISO 27701", | 1423 | "referential_label": "ISO 27701", | ||
| 1424 | "uuid": "ea2ec9a6-269a-4e38-a90c-381528893d06" | 1424 | "uuid": "ea2ec9a6-269a-4e38-a90c-381528893d06" | ||
| 1425 | }, | 1425 | }, | ||
| 1426 | { | 1426 | { | ||
| 1427 | "category": "Organisation of information security", | 1427 | "category": "Organisation of information security", | ||
| 1428 | "code": "6.3.1.3", | 1428 | "code": "6.3.1.3", | ||
| 1429 | "label": "Contact with authorities", | 1429 | "label": "Contact with authorities", | ||
| 1430 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1430 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1431 | "referential_label": "ISO 27701", | 1431 | "referential_label": "ISO 27701", | ||
| 1432 | "uuid": "ea53cbc7-bec8-472b-9468-6389ea53e786" | 1432 | "uuid": "ea53cbc7-bec8-472b-9468-6389ea53e786" | ||
| 1433 | }, | 1433 | }, | ||
| 1434 | { | 1434 | { | ||
| 1435 | "category": "Operation", | 1435 | "category": "Operation", | ||
| 1436 | "code": "5.6.3", | 1436 | "code": "5.6.3", | ||
| 1437 | "label": "Information security risk treatment", | 1437 | "label": "Information security risk treatment", | ||
| 1438 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1438 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1439 | "referential_label": "ISO 27701", | 1439 | "referential_label": "ISO 27701", | ||
| 1440 | "uuid": "ec5da672-3770-4120-a041-b61b09b84757" | 1440 | "uuid": "ec5da672-3770-4120-a041-b61b09b84757" | ||
| 1441 | }, | 1441 | }, | ||
| 1442 | { | 1442 | { | ||
| 1443 | "category": "Physical and environment security", | 1443 | "category": "Physical and environment security", | ||
| 1444 | "code": "6.8.2.6", | 1444 | "code": "6.8.2.6", | ||
| 1445 | "label": "Security of equipment and assets off-premises", | 1445 | "label": "Security of equipment and assets off-premises", | ||
| 1446 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1446 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1447 | "referential_label": "ISO 27701", | 1447 | "referential_label": "ISO 27701", | ||
| 1448 | "uuid": "edebd5a7-ebb3-4942-8b72-60293b1ec524" | 1448 | "uuid": "edebd5a7-ebb3-4942-8b72-60293b1ec524" | ||
| 1449 | }, | 1449 | }, | ||
| 1450 | { | 1450 | { | ||
| 1451 | "category": "Operation", | 1451 | "category": "Operation", | ||
| 1452 | "code": "5.6.1", | 1452 | "code": "5.6.1", | ||
| 1453 | "label": "Operational planning and control", | 1453 | "label": "Operational planning and control", | ||
| 1454 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1454 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1455 | "referential_label": "ISO 27701", | 1455 | "referential_label": "ISO 27701", | ||
| 1456 | "uuid": "ee177f90-a062-4d24-aea7-a7e1098ad3e4" | 1456 | "uuid": "ee177f90-a062-4d24-aea7-a7e1098ad3e4" | ||
| 1457 | }, | 1457 | }, | ||
| 1458 | { | 1458 | { | ||
| 1459 | "category": "Physical and environment security", | 1459 | "category": "Physical and environment security", | ||
| 1460 | "code": "6.8.2.2", | 1460 | "code": "6.8.2.2", | ||
| 1461 | "label": "Supporting utilities", | 1461 | "label": "Supporting utilities", | ||
| 1462 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1462 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1463 | "referential_label": "ISO 27701", | 1463 | "referential_label": "ISO 27701", | ||
| 1464 | "uuid": "f08bfc02-4466-4378-ac24-73247e695667" | 1464 | "uuid": "f08bfc02-4466-4378-ac24-73247e695667" | ||
| 1465 | }, | 1465 | }, | ||
| 1466 | { | 1466 | { | ||
| 1467 | "category": "Systems acquisition development and maintenance", | 1467 | "category": "Systems acquisition development and maintenance", | ||
| 1468 | "code": "6.11.2.4", | 1468 | "code": "6.11.2.4", | ||
| 1469 | "label": "Restrictions on changes to software packages", | 1469 | "label": "Restrictions on changes to software packages", | ||
| 1470 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1470 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1471 | "referential_label": "ISO 27701", | 1471 | "referential_label": "ISO 27701", | ||
| 1472 | "uuid": "f1645c93-2336-4729-9c68-dc77341e7112" | 1472 | "uuid": "f1645c93-2336-4729-9c68-dc77341e7112" | ||
| 1473 | }, | 1473 | }, | ||
| 1474 | { | 1474 | { | ||
| 1475 | "category": "Compliance", | 1475 | "category": "Compliance", | ||
| 1476 | "code": "6.15.1.1", | 1476 | "code": "6.15.1.1", | ||
| 1477 | "label": "Identification of applicable legislation and contractual requirements", | 1477 | "label": "Identification of applicable legislation and contractual requirements", | ||
| 1478 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1478 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1479 | "referential_label": "ISO 27701", | 1479 | "referential_label": "ISO 27701", | ||
| 1480 | "uuid": "f3db84e6-5546-48db-bd12-86b56490ace5" | 1480 | "uuid": "f3db84e6-5546-48db-bd12-86b56490ace5" | ||
| 1481 | }, | 1481 | }, | ||
| 1482 | { | 1482 | { | ||
| 1483 | "category": "Access control", | 1483 | "category": "Access control", | ||
| 1484 | "code": "6.6.1.2", | 1484 | "code": "6.6.1.2", | ||
| 1485 | "label": "Access to networks and network services", | 1485 | "label": "Access to networks and network services", | ||
| 1486 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1486 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1487 | "referential_label": "ISO 27701", | 1487 | "referential_label": "ISO 27701", | ||
| 1488 | "uuid": "f943a311-075b-4282-bf24-cf36b7aff54d" | 1488 | "uuid": "f943a311-075b-4282-bf24-cf36b7aff54d" | ||
| 1489 | }, | 1489 | }, | ||
| 1490 | { | 1490 | { | ||
| 1491 | "category": "Physical and environment security", | 1491 | "category": "Physical and environment security", | ||
| 1492 | "code": "6.8.2.5", | 1492 | "code": "6.8.2.5", | ||
| 1493 | "label": "Removal of assets", | 1493 | "label": "Removal of assets", | ||
| 1494 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1494 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1495 | "referential_label": "ISO 27701", | 1495 | "referential_label": "ISO 27701", | ||
| 1496 | "uuid": "f98a71be-5dd2-4124-82d5-1a533516c8a3" | 1496 | "uuid": "f98a71be-5dd2-4124-82d5-1a533516c8a3" | ||
| 1497 | }, | 1497 | }, | ||
| 1498 | { | 1498 | { | ||
| 1499 | "category": "Communication security", | 1499 | "category": "Communication security", | ||
| 1500 | "code": "6.10.1.2", | 1500 | "code": "6.10.1.2", | ||
| 1501 | "label": "Security of network services", | 1501 | "label": "Security of network services", | ||
| 1502 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1502 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1503 | "referential_label": "ISO 27701", | 1503 | "referential_label": "ISO 27701", | ||
| 1504 | "uuid": "fae6cccf-0765-4894-9914-5983325e39e1" | 1504 | "uuid": "fae6cccf-0765-4894-9914-5983325e39e1" | ||
| 1505 | }, | 1505 | }, | ||
| 1506 | { | 1506 | { | ||
| 1507 | "category": "Conditions for collection and processing", | 1507 | "category": "Conditions for collection and processing", | ||
| 1508 | "code": "A.7.2.7", | 1508 | "code": "A.7.2.7", | ||
| 1509 | "label": "Joint PII controller", | 1509 | "label": "Joint PII controller", | ||
| 1510 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1510 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1511 | "referential_label": "ISO 27701", | 1511 | "referential_label": "ISO 27701", | ||
| 1512 | "uuid": "fcd65733-75b3-4c48-b066-783a2766fa71" | 1512 | "uuid": "fcd65733-75b3-4c48-b066-783a2766fa71" | ||
| 1513 | }, | 1513 | }, | ||
| 1514 | { | 1514 | { | ||
| 1515 | "category": "Asset Management", | 1515 | "category": "Asset Management", | ||
| 1516 | "code": "6.5.3.1", | 1516 | "code": "6.5.3.1", | ||
| 1517 | "label": "Management of removable media", | 1517 | "label": "Management of removable media", | ||
| 1518 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | 1518 | "referential": "f65b378c-ab20-4651-825b-4da34944b519", | ||
| 1519 | "referential_label": "ISO 27701", | 1519 | "referential_label": "ISO 27701", | ||
| 1520 | "uuid": "fe333449-ff0e-46ff-845a-deace938868b" | 1520 | "uuid": "fe333449-ff0e-46ff-845a-deace938868b" | ||
| 1521 | } | 1521 | } | ||
| 1522 | ], | 1522 | ], | ||
| 1523 | "version": 1, | 1523 | "version": 1, | ||
| 1524 | "version_ext": "2019" | 1524 | "version_ext": "2019" | ||
| 1525 | } | 1525 | } |