ISO27k ISMS A5.34 Skeleton Policy On Privacy 2023
----------
ISO/IEC 27002:2022 clause 5.34 indicates that "The organization should establish
and communicate a topic-specific policy on privacy and protection of PII
[Personally Identifiable Information] to all relevant interested parties."
Policy statements
-----------------
4. You can manage your consent to the processing of your personal data by:
- Updating your account preferences through our website or mobile app
- Clicking the unsubscribe link in any of our marketing and promotional
communications sent directly to you
- Otherwise contacting our Data Protection Officer [provide contact details]
5. We protect your personal data against unauthorized access, use or disclosure by:
- Encrypting it during communications and storage
- Restricting access to authorized individuals using logical, physical and
procedural access controls
- Guiding workers on their privacy obligations through internal policies
coupled with an awareness and training program, with management oversight
Notes
-----
This is a "skeleton" policy providing just the bare bones, the basic foundations on
which to construct a custom policy for your organisation. It is written in the
first person, the style typically used by privacy policies published on corporate
websites. As hinted at by the standard's mention of communicating the policy to
all relevant interested parties, it would normally be supplemented by classical
internal/corporate security policies and procedures expanding on the obligations,
requirements and practicalities for workers handling personal information (not just
digital computer data, remember).
IMPORTANT DISCLAIMER: given the compliance and risk implications, the policy MUST
be customised/adapted, extended and approved by competent specialist advisors
familiar with the particular laws, regulations and risks applicable to your
organisation. This generic and incomplete skeleton policy is simply provided to
get you started: it is NOT advice.