Compliance controls
127 controls across 14 compliance frameworks, grouped by framework. For cross-framework Jaccard overlap see /explore/crosswalk. Authored by Adam Lundqvist.
8 in ISO27701 · 127 total
| ID | Title | Tags | Summary |
|---|---|---|---|
| ISO27701-A.7.2.1 | Identify and document the purpose | ISO27701, pentest:medium | The organisation should identify and document the specific purposes for which the PII will be processed. The legal basis for the processing should be documente… |
| ISO27701-A.7.2.2 | Identify lawful basis | ISO27701, pentest:medium | The organisation should determine, document and comply with the relevant lawful basis for the processing of PII for the identified purposes. For each processin… |
| ISO27701-A.7.3.1 | Determining and fulfilling obligations to PII principals | ISO27701, pentest:medium | The organisation should determine and document its legal, regulatory and contractual obligations to PII principals related to the processing of their PII and p… |
| ISO27701-A.7.3.6 | Access, correction and/or erasure | ISO27701, pentest:high | The organisation should implement policies, procedures and mechanisms to meet their obligations to PII principals to access, correct and/or erase their PII. Th… |
| ISO27701-A.7.4.1 | Limit collection | ISO27701, pentest:high | The organisation should limit the collection of PII to the minimum necessary for the identified purposes. Data minimisation must be enforced at the application… |
| ISO27701-A.7.4.5 | PII de-identification and deletion at the end of processing | ISO27701, pentest:high | The organisation should either delete PII or render it in a form which does not permit identification or re-identification of PII principals, as soon as the or… |
| ISO27701-A.7.5.1 | Identify basis for PII transfer between jurisdictions | ISO27701, pentest:medium | The organisation should identify and document the relevant basis for transfers of PII between jurisdictions. Where applicable transfer mechanisms (adequacy dec… |
| ISO27701-A.8.2.1 | Customer agreement (processor) | ISO27701, pentest:low | The organisation should ensure, where relevant, that a contract or other documented agreement with the customer addresses the protection of PII. The agreement … |