With GlobalSuite® you can implement the requirements to administer, manage data and protect the privacy of personally identifiable information (PII) without the need to develop a new management system. The platform is designed to allow the addition of industry-specific requirements by complementing the requirements and controls established by the ISO 27001 standard and the ISO 27002 Best Practice Guide.
Discover our PII software
Guidance of services and processes through asset inventory. Configuration of dimensions and valuation levels.
Catalogue of configurable controls with a summary of each, management settings, risk reassessment, parameterizable questionnaires.
Parameterization of probability and impact, risk assessment, cost analysis, configurable asset threats.
Definition of acceptable risk, acceptable risk levels, risk listing, risk map, simultaneous or dependent risks.
It lets you manage the proposal of indicators, Differential Analysis, Declaration of Applicability, capacity management, management of changes and acquisitions, etc.
Continuity, Capacity and Training Plans
It allows you to track a history of each plan and assign metrics for tracking.
Integration with Power BI
It makes the most of GlobalSUITE® data by building an executive dashboard in a Business Intelligence tool such as Power BI.
It lets you control all the documentation, in different formats, that supports the management of the company's continuity.
The comprehensive dashboard enables the management and strategic control of the organization through different metrics and indicators.
Do you know how you need to extend the requirements of ISO 27001 and ISO 27002 to take cloud privacy protection into account?
ISO 27701 refers to the data protection legislation in force in the country where it is implemented. This makes it an ideal basis for organizations that want to build trust with their customers, supported by a process of continuous improvement and transparency of their processes and procedures. Because it is a certifiable standard associated with ISO 27001, it is estimated that it can cover future certifications associated with the General Data Protection Regulation (GDPR).
In more detail, ISO 27701 extends the requirements of ISO 27001 and ISO 27002 to take into account the protection of privacy, potentially affected by the processing of personal information, in the following sections:
- Clause 5: The requirements set out in this section are traceable to paragraphs 4 to 10 of ISO 27001. It extends the requirements on information protection specifically for paragraph 4 (organizational context) and paragraph 6 (planning for risk management), and adds no further requirements to the rest of the paragraphs.
- Clause 6: This section extends the requirements set out in the ISO 27002 Good Practice Guide and the controls set out in Annex A to ISO 27001, reviewing the 114 controls and extending the requirements on the protection of information in control domains 5 through 18, with the exception of domain 17 (Information Security in Business Continuity), where no measures are added to the existing ones.
- Clause 7: Determines additional controls and implementation guidance for Personally Identifiable Information (PII) owners. These controls do not all have to be implemented, but their applicability or exclusion must be duly justified.
- Clause 8: Similar to the requirements of clause 7, this section establishes additional controls and an implementation recommendation for those responsible for processing personal information of contracted third parties, also taking into account whether they, in turn, outsource services.
The standard is intended to be used by all types of organizations, regardless of their size, complexity or the country in which they operate.
Our role is to provide consulting to your organization for the implementation, management and maintenance of all the requirements of ISO 27701 in its sector of activity.