Cryptography (encryption), along with role-based access, is the foremost method of securing PII and privacy-related information from unauthorised use.
Cryptographic controls are a prerequisite for almost all PII-related activities, where private information is transferred between systems, applications, users and third parties.
ISO 27701 6.7 contains two sub-clauses, both of which rely on the same guidance notes from ISO 27002 8.24, which provide a cryptographic framework for organisations to operate within:
ISO 27701 6.7.1.1 contains guidance that falls under UK GDPR legislation. The relevant articles have been provided for your convenience.
Please note that GDPR citations are for indicative purposes only. Organisations should scrutinise the legislation and make their own judgement on which parts of the law apply to them.
Organisations should use encryption to protect the confidentiality, authenticity and integrity of PII and privacy-related information, and to adhere to their various contractual, legal or regulatory obligations.
Encryption is a far-reaching concept – there is no ‘one size fits all’ approach. Organisations should assess their needs and choose a cryptographic solution that meets their unique commercial and operational objectives.
Organisations should consider:
Key management procedures should be spread out over 7 main functions:
Organisational key management systems should:
See above section on Key Management (ISO 27701 6.7.1.1).
ISO 27701 Clause Identifier | ISO 27701 Clause Name | ISO 27002 Control | Associated GDPR Articles |
---|---|---|---|
6.7.1.1 | Policy on the Use of Cryptographic Controls | 8.24 – Use of Cryptography for ISO 27002 | Article (32) |
6.7.1.2 | Key Management | 8.24 – Use of Cryptography for ISO 27002 | None |
How do we help?
ISO 27701 shows you how to build a Privacy Information Management System that complies with most privacy regulations, including the EU’s GDPR, BS 10012 and South Africa’s POPIA.
Our simplified, secure, sustainable software helps you easily follow the approach outlined by the internationally recognised standard.
All the features you need:
Find out how much time and money you’ll save on your journey to a combined ISO 27002 and 27701 certification using ISMS.online by booking a demo.
We can’t think of any company whose service can hold a candle to ISMS.online.