ISO 27001 SECURITY MANAGEMENT SYSTEM
The information officer has wide-ranging responsibilities which can be made easier to fulfil with the aid of tools.
Documentation of Organisational Roles and Responsibilities
Participating in the development of policies and procedures requires the information officer to maintain regular liaison with relevant departments in respect of any changes to processing activities.
A record of legal obligations is maintained against which to validate the legal basis for processing personal information, retain records and ensure that the processing of personal information is lawful.
Inventory of Processing of personal information
The task of maintaining records of processing operations under the responsibility of the controller or the processor is one of the tools enabling the information officer to perform his or her tasks of informing and advising the responsible party or the operator, and monitoring compliance with the Act.
Details of outsourced processing operations under the responsibility of the operator enable the information officer to perform his or her tasks of informing and advising the responsible party or the operator, and monitoring compliance with the Act.
Privacy Impact Assessments
A structured approach that can help information officers identify the most effective way to comply with their data protection obligations under the Protection of Personal Information Act and meet individuals’ expectations of privacy.
Knowledge Base of Vulnerabilities
An up-to-date reference source of data protection vulnerabilities to support a risk-based approach to protecting individual rights and freedoms, and recognising and notifying the Information Regulator and affected individuals.
Privacy Risk Register
A record of the type and current status of risks.
Follow-up of Corrective Actions within the organisation
Translate what you’ve learned into actual actions that can serve as evidence of your compliance.
Workflow and Automated Notification
Automated process triggers to alert personnel that action is necessary.
Traceability of the Procedures
Evidence maintained to demonstrate compliance whenever requested.
Information Request and Complaints handling
Record, track, handle and resolve data subject and Information Regulator information requests and complaints.
Prepare to respond efficiently and effectively to privacy breaches.
Monitor and report on the status of data processing activities.
Staff Awareness and Training
Support organisational culture change through ongoing awareness programmes and training.
Checklist maintained to regularly verify that the rights and freedoms of individuals are being protected.