Updated
Aug 3, 2022, 11:47:18 AM
Name
ISO/IEC 27701 [2019]
Description
Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
{
"authors": [
"Jeremy Dannenmuller"
],
"label": "ISO/IEC 27701 [2019]",
"language": "EN",
"refs": "https://www.iso.org/standard/71670.html",
"uuid": "f65b378c-ab20-4651-825b-4da34944b519",
"values": [
{
"category": "Information security aspects of business continuity management",
"code": "6.14.2.1",
"label": "Availability of information processing facilities",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "00cb20cc-21a0-417a-9782-ed6587f1d6f5"
},
{
"category": "Information security policies",
"code": "6.2.1.1",
"label": "Policies for information security",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "0225b44b-be7a-4cce-a4db-1d804e4d47c8"
},
{
"category": "Improvement",
"code": "5.8.2",
"label": "Continual improvement",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "029a9fae-c6a4-4b3c-8487-2ed20996a951"
},
{
"category": "Communication security",
"code": "6.10.2.3",
"label": "Electronic messaging",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "0320a79e-6c9f-45e3-90a0-c360e8f57b45"
},
{
"category": "PII sharing transfer and disclosure",
"code": "B.8.5.8",
"label": "Change of subcontractor to process PII",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "0637458d-cb4d-47aa-9553-d3e86757aaaa"
},
{
"category": "Physical and environment security",
"code": "6.8.1.3",
"label": "Securing offices rooms and facilities",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "066dee47-1f12-4243-94bd-a89fbde7fd31"
},
{
"category": "Conditions for collection and processing",
"code": "A.7.2.3",
"label": "Determine when and how consent is to be obtained",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "06c65ef3-fc74-4e9f-b923-bc4b8da06454"
},
{
"category": "Asset Management",
"code": "6.5.1.2",
"label": "Ownership of Assets",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "06eed3d5-8e62-42ff-a727-aee4d27a21a3"
},
{
"category": "Access control",
"code": "6.6.2.2",
"label": "User access provisionning",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "0769cff8-adbc-4d3a-921d-622fbce40473"
},
{
"category": "Organisation of information security",
"code": "6.3.1.2",
"label": "Segregation of duties",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "085873ce-e760-40cd-80a4-6f402785696f"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.2",
"label": "Determining information for PII principals",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "087dde64-823a-495c-92ec-8a282577821f"
},
{
"category": "Context of the organization",
"code": "5.2.4",
"label": "Information security management system",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "0af7c1ab-dad9-4aa2-aefb-4e5dbf4805c7"
},
{
"category": "Access control",
"code": "6.6.4.2",
"label": "Secure log-on procedures",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "0d503be4-a66d-4f49-b960-a987f6aface6"
},
{
"category": "Organisation of information security",
"code": "6.3.1.5",
"label": "Information security in project management",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "0e6f5f89-2755-4448-8183-da973df45b83"
},
{
"category": "PII sharing transfer and disclosure",
"code": "B.8.5.1",
"label": "Basis for PII transfer between jurisdictions",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "0f6b0b0e-403e-4695-9c32-8bdd4ad17718"
},
{
"category": "Asset Management",
"code": "6.5.1.1",
"label": "Inventory of Assets",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "0fd4927b-596a-42f6-b155-052785edbfc5"
},
{
"category": "Operations security",
"code": "6.9.1.3",
"label": "Capacity management",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "103a6955-e9f8-4b66-91ba-bf2cc0e0e8fe"
},
{
"category": "Compliance",
"code": "6.15.1.2",
"label": "Intellectual property rights",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "1285dd9e-108d-4ecf-bccf-8a3f4807963a"
},
{
"category": "Privacy by design and privacy by default",
"code": "B.8.4.3",
"label": "PII transmission controls",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "1416da16-528c-45f4-b1b9-6a305ae1c81f"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.2.6",
"label": "Secure Development Environment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "16b30180-3754-43da-8bdb-9528fc5e6cde"
},
{
"category": "Asset Management",
"code": "6.5.1.4",
"label": "Return of Assets",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "18c97f9e-20c9-48a4-b1db-b3ba08a6fd4a"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.2.8",
"label": "System security testing",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "190024e1-afae-4346-b094-9f84f6d2e759"
},
{
"category": "Human resources security",
"code": "6.4.1.2",
"label": "Terms and conditions of employment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "19e032bb-b8b3-40a1-b976-4ac29f8ef613"
},
{
"category": "Privacy by design and privacy by default",
"code": "A.7.4.6",
"label": "Temporary files",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "1ad68deb-f72a-4f4c-816b-fb755544777e"
},
{
"category": "Compliance",
"code": "6.15.2.2",
"label": "Compliance with security policies and standards",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "1bdbc783-3069-42f5-a4f7-745c0290be02"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.2.2",
"label": "System change control procedures",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "1d0c7281-35c6-403c-9c9b-40e9826e73e3"
},
{
"category": "Compliance",
"code": "6.15.1.5",
"label": "Regulation of cryptographic controls",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "1d6c8b29-418c-4a68-89e8-55ce63bed691"
},
{
"category": "Access control",
"code": "6.6.2.1",
"label": "User registration and de-registration",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "1ee8390e-ebeb-4253-ae87-49358ff8730f"
},
{
"category": "Conditions for collection and processing",
"code": "A.7.2.4",
"label": "Obtain and record consent",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "1f597457-a336-4e09-b660-2a680154b8b0"
},
{
"category": "Support",
"code": "5.5.1",
"label": "Resources",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "1fc549c9-c0dd-407a-9648-c3fe0869bc67"
},
{
"category": "Access control",
"code": "6.6.4.5",
"label": "Access control to program source code",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "203fb144-2604-4162-b5c9-f40d22ba2fee"
},
{
"category": "Information security incident management",
"code": "6.13.1.7",
"label": "Collection of evidence",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "238e2cbd-9c07-4f08-b2f5-1f43df4a4c11"
},
{
"category": "Improvement",
"code": "5.8.1",
"label": "Nonconformity and corrective action",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "256ae75a-a97f-46c8-b022-e4525a52c177"
},
{
"category": "Access control",
"code": "6.6.2.4",
"label": "Management of secret authentication information of users",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "27b2e55d-2709-4a74-b75f-89ffa80b0096"
},
{
"category": "Actions to address risks and opportunities",
"code": "5.4.1.2",
"label": "Information Security Risk Assessment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "28849802-7b7e-46dd-b720-b2bc4db6a67b"
},
{
"category": "Organisation of information security",
"code": "6.3.1.4",
"label": "Contact with special interest groups",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "2a8bce28-154e-4d0d-b829-fee0cd93f861"
},
{
"category": "Information security aspects of business continuity management",
"code": "6.14.1.3",
"label": "Verify review and evaluate information security continuity",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "2a93cf52-ffa5-4da5-85b2-ad39d456cb0d"
},
{
"category": "Information security policies",
"code": "6.2.1.2",
"label": "Review of the policies for information security",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "2abce681-3b58-4c4f-ae56-03eba536e201"
},
{
"category": "Physical and environment security",
"code": "6.8.1.4",
"label": "Protecting against external and environmental threats",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "2c979e09-e057-4cb5-b6b7-800842783110"
},
{
"category": "Compliance",
"code": "6.15.2.1",
"label": "Independent review of information security",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "2f712e97-a7bc-40cb-9552-216fd30ef148"
},
{
"category": "Privacy by design and privacy by default",
"code": "B.8.4.2",
"label": "Return transfer or disposal of PII",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "30525d18-fe33-4813-9519-7816bce5723f"
},
{
"category": "Information security incident management",
"code": "6.13.1.1",
"label": "Responsibilities and procedures",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "30817081-369d-410d-8db7-25f43a1abd43"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.1.2",
"label": "Securing application services on public networks",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "35ef0801-fa39-478f-94a4-cffaf3f2107c"
},
{
"category": "Context of the organization",
"code": "5.2.3",
"label": "Determining the scope of the information security management system",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "36ebd0b0-ab2d-4a7e-b98a-aa048fb6c84e"
},
{
"category": "Communication security",
"code": "6.10.1.3",
"label": "Segregation in networks",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "37d74fdf-8f6d-4197-a298-a30c646a5f53"
},
{
"category": "Operations security",
"code": "6.9.1.2",
"label": "Change management",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "389d1443-d248-4f66-b980-bbdcb50e6c15"
},
{
"category": "Human resources security",
"code": "6.4.2.2",
"label": "Information security awareness education and training",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "3a003a78-d047-4ac0-941c-7ad67491d421"
},
{
"category": "Conditions for collection and processing",
"code": "A.7.2.6",
"label": "Contracts with PII processors",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "3bbc82c8-7c23-4e11-9c3d-c8a8c19dd08c"
},
{
"category": "Privacy by design and privacy by default",
"code": "A.7.4.2",
"label": "Limit processing",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "3dafed59-ef7c-43fc-814c-a17c832b319f"
},
{
"category": "Physical and environment security",
"code": "6.8.1.2",
"label": "Physical entry controls",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "3f68a76b-6c1d-4fcb-952e-c2e9de3d9363"
},
{
"category": "Support",
"code": "5.5.2",
"label": "Competence",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "3fa8deba-8222-473b-b966-dff98dd64a3e"
},
{
"category": "Human resources security",
"code": "6.4.1.1",
"label": "Screening",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "40d912e5-c0d5-44c6-90eb-bdd3a9f7d5c4"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.8",
"label": "Providing copy of PII processed",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "442e6409-082e-4613-b000-49d141240fc5"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.2.3",
"label": "Technical review of applications after operating platform changes",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "4607f451-23b6-40ed-89f2-71cb91a4d282"
},
{
"category": "Support",
"code": "5.5.5.2",
"label": "Creating and updating",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "4630e54e-2bfb-462e-b88d-4392efe7f276"
},
{
"category": "Support",
"code": "5.5.3",
"label": "Awareness",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "466033e1-6c60-4db2-bf61-ebcae6645a0b"
},
{
"category": "Operation",
"code": "5.6.2",
"label": "Information security risk assessment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "4c9f0ab8-778b-4c94-aea9-68921b5ad148"
},
{
"category": "Communication security",
"code": "6.10.2.2",
"label": "Agreements on information transfer",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "4cfd17b6-5841-4fa7-8d3b-227af4d3b652"
},
{
"category": "Context of the organization",
"code": "5.2.1",
"label": "Understanding the organization and its context",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "514811fc-ca1a-49be-89cc-57f0042a77aa"
},
{
"category": "Cryptography",
"code": "6.7.1.1",
"label": "Policy on the use of cryptographic controls",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "53e91bf7-76ed-4cb8-b308-21f1dbd52aa3"
},
{
"category": "Information security incident management",
"code": "6.13.1.2",
"label": "Reporting information security events",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "54d38b77-2e5c-4c4e-b47b-b936518e8094"
},
{
"category": "Access control",
"code": "6.6.3.1",
"label": "Use of secret authentication information",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "55f0123d-1c82-4352-8700-03a66e9d72fc"
},
{
"category": "Privacy by design and privacy by default",
"code": "A.7.4.5",
"label": "PII de-identification and deletion at the end of processing",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "56844655-7f50-46ec-bfc1-6d40fa74b31b"
},
{
"category": "PII sharing transfer and disclosure",
"code": "B.8.5.5",
"label": "Legally binding PII disclosures",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "56dc629e-506a-4502-b42d-a49e72ed7ec9"
},
{
"category": "Physical and environment security",
"code": "6.8.1.5",
"label": "Working in secure areas",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "58c52280-09b2-4c91-ab59-eb995f5688fd"
},
{
"category": "Access control",
"code": "6.6.1.1",
"label": "Access control policy",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "5cdeff98-2016-4d39-858e-3fc915185b52"
},
{
"category": "Organisation of information security",
"code": "6.3.1.1",
"label": "Information security roles and responsibilities",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "64cdbec6-e81c-4baf-92bf-1ce53cf3d8b2"
},
{
"category": "Support",
"code": "5.5.5.1",
"label": "General",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "65f112a9-3b20-4f18-950b-085d0be3f114"
},
{
"category": "Operations security",
"code": "6.9.6.2",
"label": "Restrictions on software installation",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "66d4273e-98cd-4d08-9acb-08ba787db13a"
},
{
"category": "Support",
"code": "5.5.5.3",
"label": "Control of documented information",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "6780dda7-2c33-496b-81e3-9d868f47b61d"
},
{
"category": "Physical and environment security",
"code": "6.8.2.9",
"label": "Clear desk and clear screen policy",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "67d95c58-fdf0-439d-8ce6-277238136141"
},
{
"category": "Operations security",
"code": "6.9.5.1",
"label": "Installation of software on operational systems",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "6a78d184-cc44-461e-af3d-3ebc8380b78f"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.2.7",
"label": "Outsourced development",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "6ac5a193-c021-4df4-abd1-bb0aed4af36a"
},
{
"category": "Information security incident management",
"code": "6.13.1.4",
"label": "Assessment of and decision on information security events",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "6c50d8a4-6793-479b-84af-f3cf94fe4102"
},
{
"category": "Information security incident management",
"code": "6.13.1.3",
"label": "Reporting information security weaknesses",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "6dd7fb16-a5f8-4722-9197-bf198327ed8b"
},
{
"category": "Human resources security",
"code": "6.4.2.1",
"label": "Management responsibilities",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "6ddcd365-eeca-473d-b9ad-03726ae858d8"
},
{
"category": "Privacy by design and privacy by default",
"code": "A.7.4.3",
"label": "Accuracy and quality",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "6ee51d2e-83fe-4198-8118-dc7db98515b1"
},
{
"category": "Operations security",
"code": "6.9.1.1",
"label": "Documented operating procedures",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "70a53056-137e-429a-9483-0a2e92a24fac"
},
{
"category": "Asset Management",
"code": "6.5.3.3",
"label": "Physical media transfer",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "71761dbc-aea1-4d01-b09d-abe2e67c4f1a"
},
{
"category": "Access control",
"code": "6.6.4.4",
"label": "Use of privileged utility programs",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "719158a7-c965-46e2-bed9-d273925a3fdd"
},
{
"category": "Operations security",
"code": "6.9.4.3",
"label": "Administrator and operator logs",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "7405dca3-2282-47e2-ac19-1992ff0a0228"
},
{
"category": "Operations security",
"code": "6.9.1.4",
"label": "Separation of development testing and operational environments",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "777d9c77-1093-4a4f-9c1f-ff9db9aa96c1"
},
{
"category": "Physical and environment security",
"code": "6.8.2.4",
"label": "Equipment maintenance",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "77d78b64-a53d-4a62-9b00-7bc4c6df5d99"
},
{
"category": "Performance Evaluation",
"code": "5.7.1",
"label": "Monitoring measurement analysis and evaluation",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "78bae82d-72d6-4b22-abc1-d49747a6dbad"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.1.1",
"label": "Information security requirements analysis and specification",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "7b804877-23cc-4f04-9979-8b6f985d04b9"
},
{
"category": "Performance Evaluation",
"code": "5.7.2",
"label": "Internal audit",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "7b8aa5d2-9afa-4e76-a038-1bb4f169fc23"
},
{
"category": "Privacy by design and privacy by default",
"code": "A.7.4.1",
"label": "Limit collection",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "7bc37de2-8b17-4965-980c-94260e7c84c9"
},
{
"category": "Communication security",
"code": "6.10.2.4",
"label": "Confidentiality or non-disclosure agreements",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "7fab270e-33dc-4df8-853b-770b47ed8b67"
},
{
"category": "Information security incident management",
"code": "6.13.1.6",
"label": "Learning from information security incidents",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "805044a1-7f8c-40b4-9a29-5a9724624a69"
},
{
"category": "Asset Management",
"code": "6.5.3.2",
"label": "Disposal of media",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8247018f-5966-4fa1-86ed-74f89a17752d"
},
{
"category": "Access control",
"code": "6.6.4.1",
"label": "Information access restriction",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "84f2f3dc-54c0-4b96-8d27-8f2ae47a2964"
},
{
"category": "Compliance",
"code": "6.15.2.3",
"label": "Technical compliance review",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "853373dc-8dc4-451e-b100-55d42aee4ffe"
},
{
"category": "Asset Management",
"code": "6.5.1.3",
"label": "Acceptable Use of Assets",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "85b65a44-6cca-498f-ab76-1079d0bdfadc"
},
{
"category": "Conditions for collection and processing",
"code": "B.8.2.3",
"label": "Marketing and advertising use",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8862ca92-f431-48c6-b565-fd5fb9aa46d8"
},
{
"category": "Organisation of information security",
"code": "6.3.2.2",
"label": "Teleworking",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8bb579d1-e9c6-4883-92a9-185cb3987b66"
},
{
"category": "Leadership",
"code": "5.3.1",
"label": "Leadership and commitment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8d3a8ce7-3c35-4aed-8143-32f5d2279054"
},
{
"category": "Leadership",
"code": "5.3.2",
"label": "Policy",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8d6462fd-5a10-4847-92d1-da2585439e5e"
},
{
"category": "Privacy by design and privacy by default",
"code": "A.7.4.4",
"label": "PII minimization objectives",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8e26c999-8f20-4cfc-8682-3d14c4d8315d"
},
{
"category": "Conditions for collection and processing",
"code": "A.7.2.8",
"label": "Records related to processing PII",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8e697e5d-c974-44eb-b973-d6c8ba916725"
},
{
"category": "Asset Management",
"code": "6.5.2.3",
"label": "Handling of Assets",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8f246d95-7e65-4fdf-a9bd-a567e537843e"
},
{
"category": "Context of the organization",
"code": "5.2.2",
"label": "Understanding the needs and expectations of interested parties",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8f6ef571-4efe-4df1-bca5-92af7e966240"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.2.1",
"label": "Secure development policy",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "8fa447dd-b5e2-4be0-9784-4386ba03abf5"
},
{
"category": "Asset Management",
"code": "6.5.2.1",
"label": "Classification of information",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "91bd3542-b178-4c2e-a62e-ba5d37360ca4"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.1.3",
"label": "Protecting application services transactions",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "92cc1326-12da-4199-b805-9dfb5a6f5870"
},
{
"category": "Supplier relationships",
"code": "6.12.2.2",
"label": "Managing changes to supplier services",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "94aa96fa-a2fa-4507-bec5-05fe0db41b9f"
},
{
"category": "Information security objectives and planning to achieve them",
"code": "5.4.2",
"label": "Information security objectives and planning to achieve them",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "9a30e1ba-93d3-4e96-b8d9-663f2720e90a"
},
{
"category": "PII sharing transfer and disclosure",
"code": "B.8.5.3",
"label": "Records of PII disclosure to third parties",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "9b1c4774-db02-4e14-9b1b-c4fc81438413"
},
{
"category": "Access control",
"code": "6.6.2.3",
"label": "Management of privileged access rights",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "9bb3a441-d077-49a3-a20f-c91f431104e3"
},
{
"category": "PII sharing transfer and disclosure",
"code": "A.7.5.2",
"label": "Countries and international organizations to which PII can be transferred",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "9cc453f9-ec65-4091-b72f-c4411023de64"
},
{
"category": "Supplier relationships",
"code": "6.12.1.3",
"label": "Information and communication technology supply chain",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "9d3cc972-695b-4700-b0ad-a53891329322"
},
{
"category": "Cryptography",
"code": "6.7.1.2",
"label": "Key management",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "9eac1198-8099-4b6c-931c-f59fbc2ec30e"
},
{
"category": "Human resources security",
"code": "6.4.2.3",
"label": "Disciplinary procedures",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "9f509e16-fd65-4121-8144-c2403c924dfb"
},
{
"category": "PII sharing transfer and disclosure",
"code": "B.8.5.6",
"label": "Disclosure of subcontractors used to process PII",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a0091b82-4864-49dc-a885-a27cd933d4aa"
},
{
"category": "Operations security",
"code": "6.9.2.1",
"label": "Controls against malware",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a0494662-1835-44f8-b600-df2d2bcdaf7f"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.6",
"label": "Access correction and/or erasure",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a1141b2f-868c-4c8c-bb32-911732b9adf9"
},
{
"category": "Leadership",
"code": "5.3.3",
"label": "Organizational roles responsibilities and authorities",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a3a2049e-f29c-4bae-9c23-d791feba7e0e"
},
{
"category": "Support",
"code": "5.5.4",
"label": "Communication",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a3d0ca70-89d8-4e54-9ced-20159cf4e3bd"
},
{
"category": "Compliance",
"code": "6.15.1.3",
"label": "Protection of records",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a66fa2a1-6237-4552-abd5-be6df3856d09"
},
{
"category": "Access control",
"code": "6.6.4.3",
"label": "Password management system",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a681fb35-04d6-4adc-bde8-b044a26c970d"
},
{
"category": "Compliance",
"code": "6.15.1.4",
"label": "Privacy and protection of personally identifiable information",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a77afead-e763-41a6-a803-af6b3d0a2cb2"
},
{
"category": "Supplier relationships",
"code": "6.12.1.2",
"label": "Addressing security within supplier agreements",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a793e4bc-6bd9-49a4-8c4b-4933dc7d2238"
},
{
"category": "Information security aspects of business continuity management",
"code": "6.14.1.2",
"label": "Implementing information security continuity",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a86710e7-c5bf-4fa7-a311-8757ab2b801b"
},
{
"category": "Operations security",
"code": "6.9.4.1",
"label": "Event logging",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a87901f1-5d34-46af-afc7-0375e59721f6"
},
{
"category": "Supplier relationships",
"code": "6.12.1.1",
"label": "Information security policy for supplier relationships",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a943f47f-6996-4490-b45d-9c427942c0a7"
},
{
"category": "Conditions for collection and processing",
"code": "B.8.2.2",
"label": "Organization's purposes",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "a9d08b54-382a-4116-93a0-39d34495c711"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.2.5",
"label": "Secure systems engineering principles",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "af4c64b8-fc6e-4bd7-8679-3cc0d3c31480"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.9",
"label": "Handling requests",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "b00f4fa5-5643-4b69-8d58-377007ed3696"
},
{
"category": "Conditions for collection and processing",
"code": "B.8.2.4",
"label": "Infringing instruction",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "b1bfc4bc-db05-4d94-9273-382562faefcd"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.7",
"label": "PII controllers' obligations to inform third parties",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "b40b6f97-5f9b-4f0e-ae6f-317172cd942b"
},
{
"category": "Operations security",
"code": "6.9.3.1",
"label": "Information backup",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "b44c628f-e837-44d0-8392-8f936f8e86e4"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.3",
"label": "Providing information to PII principals",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "b455a728-91ac-4a9e-bb29-ecd4505fa37b"
},
{
"category": "Conditions for collection and processing",
"code": "A.7.2.5",
"label": "Privacy impactassessment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "b476a2b4-7eee-4e79-8910-d9e309d8c759"
},
{
"category": "Physical and environment security",
"code": "6.8.1.6",
"label": "Delivery and loading areas",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "b570b846-c1fb-4a9d-8f79-5dac6e4e5d87"
},
{
"category": "Operations security",
"code": "6.9.6.1",
"label": "Management of technical vulnerabilities",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "b5c16404-bcfc-4756-8e42-8ba590803215"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.1",
"label": "Determining and fulfilling obligations to PII principals",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "bca25a95-8ac6-4b8f-857a-e7ceb72101dd"
},
{
"category": "Performance Evaluation",
"code": "5.7.3",
"label": "Management review",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "bd47b036-1585-4f1f-a648-66f681971779"
},
{
"category": "Access control",
"code": "6.6.2.5",
"label": "Review of user access rights",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "bef5cb25-c14c-473a-b987-1faad4c6be6e"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.4",
"label": "Providing mechanism to modify or withdraw consent",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c0b08efb-ff1b-4c47-8cb6-c78860818c90"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.10",
"label": "Automated decision making",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c1301d3d-096c-412b-9fc4-80bf6bd2ce4c"
},
{
"category": "PII sharing transfer and disclosure",
"code": "A.7.5.1",
"label": "Identify basis for PII transfer between jurisdictions",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c1975c78-d5c7-4294-b794-7bf70c443cdf"
},
{
"category": "Supplier relationships",
"code": "6.12.2.1",
"label": "Monitoring and review of supplier services",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c293ea96-ba7c-4c2c-b8f2-34b2fd13c6b7"
},
{
"category": "Conditions for collection and processing",
"code": "A.7.2.2",
"label": "Identify lawful basis",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c4709dc0-24a8-4e1d-962c-2fafb958de37"
},
{
"category": "Actions to address risks and opportunities",
"code": "5.4.1.1",
"label": "Actions to address risks and opportunities - General",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c4d6e81f-91e4-4c90-afa2-433afaad05f4"
},
{
"category": "Organisation of information security",
"code": "6.3.2.1",
"label": "Mobile device policy",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c690cf3c-e020-450d-865e-32fdc36a609f"
},
{
"category": "Physical and environment security",
"code": "6.8.2.7",
"label": "Secure disposal or re-use of equipment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c6923895-042d-4e83-bd6e-9195e74e3188"
},
{
"category": "Physical and environment security",
"code": "6.8.1.1",
"label": "Physical security perimeter",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c7790c91-5a58-4d1f-9df1-942d4a3ef273"
},
{
"category": "Operations security",
"code": "6.9.7.1",
"label": "Information systems audit controls",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c8ec4174-841c-4de4-9685-342e1933351c"
},
{
"category": "PII sharing transfer and disclosure",
"code": "A.7.5.3",
"label": "Records of transfer of PII",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "c8feff26-b7e6-4fc0-8067-978ab64f096e"
},
{
"category": "Privacy by design and privacy by default",
"code": "A.7.4.9",
"label": "PII transmission controls",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "cc79433d-bd1b-40eb-9960-5fae6ee09216"
},
{
"category": "PII sharing transfer and disclosure",
"code": "B.8.5.2",
"label": "Countries and international organizations to which PII can be transferred",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "cca8434a-1f0f-48ec-9358-2f3ee5a712da"
},
{
"category": "Conditions for collection and processing",
"code": "A.7.2.1",
"label": "Identify and document purpose",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "cd1267a3-0a09-402c-ada9-85c9291aac26"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.3.1",
"label": "Protection of test data",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "cdb15fe9-9808-4749-8747-c284018cccf0"
},
{
"category": "Information security aspects of business continuity management",
"code": "6.14.1.1",
"label": "Planning information security continuity",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "cfec872a-4fb3-4364-91dc-475236cc2f93"
},
{
"category": "Privacy by design and privacy by default",
"code": "B.8.4.1",
"label": "Temporary files",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d16fc0f9-ab36-49b6-a4ad-4d8d0120f0a1"
},
{
"category": "Operations security",
"code": "6.9.4.2",
"label": "Protection of log information",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d21603d6-f97e-4b20-bdf6-7bf5248277cb"
},
{
"category": "Conditions for collection and processing",
"code": "B.8.2.5",
"label": "Customer obligations",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d2b79e78-5e9b-4a6d-94f7-855274b7831f"
},
{
"category": "Asset Management",
"code": "6.5.2.2",
"label": "Labelling of information",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d313624f-8213-4f20-b536-b859e8b8c429"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.2.9",
"label": "System acceptance testing",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d3f5b543-cd6b-4645-8395-e9d00cfdbeb6"
},
{
"category": "Obligations to PII principals",
"code": "A.7.3.5",
"label": "Providing mechanism to object to PIIprocessing",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d462468f-b212-4c90-aed2-18dc60db95ce"
},
{
"category": "Conditions for collection and processing",
"code": "B.8.2.1",
"label": "Customer agreement",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d5cde1bc-d630-4a7e-b7c0-04dbae6bff30"
},
{
"category": "Communication security",
"code": "6.10.2.1",
"label": "Information transfer policies and procedures",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d649f805-1142-4fcf-a119-ae76f392708a"
},
{
"category": "PII sharing transfer and disclosure",
"code": "B.8.5.4",
"label": "Notification of PII disclosure requests",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d9273c35-a712-46b9-9754-b96cb49d2332"
},
{
"category": "Conditions for collection and processing",
"code": "B.8.2.6",
"label": "Records related to processing PII",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d9a470ad-a071-4ace-9662-8dc18a96b361"
},
{
"category": "Operations security",
"code": "6.9.4.4",
"label": "Clock synchronisation",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d9e0e545-7b42-4899-8e56-7f9fc6fce85f"
},
{
"category": "Physical and environment security",
"code": "6.8.2.8",
"label": "Unattended user equipment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "d9e2a570-4155-4970-88d7-809179ac7f31"
},
{
"category": "Privacy by design and privacy by default",
"code": "A.7.4.8",
"label": "Disposal",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "db2c9e1b-aac1-418c-911e-00eb01cdef6c"
},
{
"category": "PII sharing transfer and disclosure",
"code": "B.8.5.7",
"label": "Engagement of a subcontractor to process PII",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "dccd6bfd-aff7-4b01-8004-4d7eb3348484"
},
{
"category": "Physical and environment security",
"code": "6.8.2.1",
"label": "Equipment siting and protection",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "dcf6c663-23fc-450b-8d46-be3c48bc049a"
},
{
"category": "Information security incident management",
"code": "6.13.1.5",
"label": "Response to information security incidents",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "dd2c4b83-0077-4f70-99b1-74127969c19b"
},
{
"category": "Human resources security",
"code": "6.4.3.1",
"label": "Termination or change of employment responsibilities",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "dd48169a-e980-4e58-804b-fb283786415c"
},
{
"category": "Communication security",
"code": "6.10.1.1",
"label": "Network controls",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "de3adccd-edfe-4379-9b4a-f8243baa6afc"
},
{
"category": "PII sharing transfer and disclosure",
"code": "A.7.5.4",
"label": "Records of PII disclosure to third parties",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "df68917b-f26e-4511-92c1-3b77be11df0f"
},
{
"category": "Privacy by design and privacy by default",
"code": "A.7.4.7",
"label": "Retention",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "e1ea896d-cf46-4a7a-a1ad-a4c3ea188866"
},
{
"category": "Obligations to PII principals",
"code": "B.8.3.1",
"label": "Obligations to PII principals",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "e7247cf7-a80b-4f1d-a32b-9ddd79a84371"
},
{
"category": "Physical and environment security",
"code": "6.8.2.3",
"label": "Cabling security",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "e7f6a752-9122-47cd-a52b-6c6ee7e182f5"
},
{
"category": "Actions to address risks and opportunities",
"code": "5.4.1.3",
"label": "Information Security Risk Treatment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "e9ba3458-e01f-43e0-9883-7b53a2c8b1a3"
},
{
"category": "Access control",
"code": "6.6.2.6",
"label": "Removal or adjustment of access rights",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "ea2ec9a6-269a-4e38-a90c-381528893d06"
},
{
"category": "Organisation of information security",
"code": "6.3.1.3",
"label": "Contact with authorities",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "ea53cbc7-bec8-472b-9468-6389ea53e786"
},
{
"category": "Operation",
"code": "5.6.3",
"label": "Information security risk treatment",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "ec5da672-3770-4120-a041-b61b09b84757"
},
{
"category": "Physical and environment security",
"code": "6.8.2.6",
"label": "Security of equipment and assets off-premises",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "edebd5a7-ebb3-4942-8b72-60293b1ec524"
},
{
"category": "Operation",
"code": "5.6.1",
"label": "Operational planning and control",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "ee177f90-a062-4d24-aea7-a7e1098ad3e4"
},
{
"category": "Physical and environment security",
"code": "6.8.2.2",
"label": "Supporting utilities",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "f08bfc02-4466-4378-ac24-73247e695667"
},
{
"category": "Systems acquisition development and maintenance",
"code": "6.11.2.4",
"label": "Restrictions on changes to software packages",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "f1645c93-2336-4729-9c68-dc77341e7112"
},
{
"category": "Compliance",
"code": "6.15.1.1",
"label": "Identification of applicable legislation and contractual requirements",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "f3db84e6-5546-48db-bd12-86b56490ace5"
},
{
"category": "Access control",
"code": "6.6.1.2",
"label": "Access to networks and network services",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "f943a311-075b-4282-bf24-cf36b7aff54d"
},
{
"category": "Physical and environment security",
"code": "6.8.2.5",
"label": "Removal of assets",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "f98a71be-5dd2-4124-82d5-1a533516c8a3"
},
{
"category": "Communication security",
"code": "6.10.1.2",
"label": "Security of network services",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "fae6cccf-0765-4894-9914-5983325e39e1"
},
{
"category": "Conditions for collection and processing",
"code": "A.7.2.7",
"label": "Joint PII controller",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "fcd65733-75b3-4c48-b066-783a2766fa71"
},
{
"category": "Asset Management",
"code": "6.5.3.1",
"label": "Management of removable media",
"referential": "f65b378c-ab20-4651-825b-4da34944b519",
"referential_label": "ISO 27701",
"uuid": "fe333449-ff0e-46ff-845a-deace938868b"
}
],
"version": 1,
"version_ext": "2019"
}