<p class="MsoBodyText" style="margin: 4.55pt 58.45pt .0001pt 19.85pt;">This <span style="color: black; mso-color-alt: windowtext; background: yellow;">document specifies</span> controls, purpose, and guidance for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).</p>
<p class="MsoBodyText" style="margin-right: 65.8pt;">In particular, this <span style="color: black; mso-color-alt: windowtext; background: yellow;">document</span> specifies <span style="color: black; mso-color-alt: windowtext; background: yellow;">requirements and</span> guidance based on ISO/IEC 27002, taking into consideration the controls for processing PII that can be applicable within the context of an organization's information security risk environment(s).</p>
<p class="MsoBodyText" style="margin-right: 72.85pt;">This <span style="color: black; mso-color-alt: windowtext; background: yellow;">document</span> is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII, in particular, organizations that do not establish or operate a privacy information management system.</p>
Registration number (WIID)
88151
Scope
<p class="MsoBodyText" style="margin: 4.55pt 58.45pt .0001pt 19.85pt;">This <span style="color: black; mso-color-alt: windowtext; background: yellow;">document specifies</span> controls, purpose, and guidance for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).</p>
<p class="MsoBodyText" style="margin-right: 65.8pt;">In particular, this <span style="color: black; mso-color-alt: windowtext; background: yellow;">document</span> specifies <span style="color: black; mso-color-alt: windowtext; background: yellow;">requirements and</span> guidance based on ISO/IEC 27002, taking into consideration the controls for processing PII that can be applicable within the context of an organization's information security risk environment(s).</p>
<p class="MsoBodyText" style="margin-right: 72.85pt;">This <span style="color: black; mso-color-alt: windowtext; background: yellow;">document</span> is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII, in particular, organizations that do not establish or operate a privacy information management system.</p>
