ISO 27701 & ISO 42001: How to Integrate Privacy and AI Management Systems

Dr. Sebastian Kraska
External DPO
IITR Datenschutz GmbH

Anna Rocke
Director Data Privacy, Ethics & Compliance
Celonis SE

Cristina Sirera
Global Data Protection Director, CIPP/E
Colt Technology Services

Srinivas Poosarla
Senior VP and Group Chief
Infosys

WELCOME AND INTRODUCTIONS

ISO 27001, ISO 27701, ISO 42001

ISO 27001
Standard to establish an Information Security Management System (ISMS) to protect confidentiality, integrity and availability of (any) data.

ISO 27701
Extension of ISO 27001 for Controllers and Processors to protect Personally Identifiable Information (PII) in compliance with regulations such as GDPR through a Privacy Information Management System (PIMS).

ISO 42001
Standard focused on creating a trustworthy, ethical, and responsible Artificial Intelligence Management System (AIMS) to ensure transparency, accountability and fairness in AI practices.

Designed to be (partially) combined: harmonized High-Level Structure

ISO 27701 Certification - Prerequisites

"Money talks"
  o Resources, budget and management commitment.
"Recording is rewarding"
  o Records of privacy policies, procedures, risk assessments, and incidents.
"Best team wins"
  o Integration of privacy considerations into existing processes and systems.
"There is no privacy without security"
  o Ensure your organization is already ISO 27001 certified.

ISO 27701 Certification - Checklist (1/2)

1. Become a norm nerd!
   Familiarize yourself with ISO 27701 and its requirements.
   Provide training for your team on ISO 27701 requirements and privacy governance.
2. Mind the gap!
   Assess your current privacy management practices against ISO 27701 requirements.
   Identify gaps/areas that need improvement or additional measures.
3. Be able to tick the boxes!
   Establish a Privacy Information Management System (PIMS) tailored to your or