ISO 27701, Clause 6.3.1.3 – Contact With Authorities

ISO 27701 Controls and Clauses Explained

Book a demo

interior,of,contemporary,multi floor,business,center,with,large,windows,and

The International Organization for Standardization (ISO) advocates for a holistic approach to privacy protection and PIMS-related activities that includes organisations making professional connections with ‘special interest groups’ (i.e. an individual or organisation involved with information security, and understanding how to react to incidents by involving the relevant external authorities.

Whoever the organisation decides to communicate with – and however they choose to do it – all efforts need to be focused on both improving current privacy protection standards, and bolstering resilience against the future loss, theft or misuse of PII.

What’s Covered in ISO 27701 Clause 6.3.1.3

ISO 27701 Clauses 6.3.1.3 and 6.3.1.4, whilst not constituting their own subsection of clause 6.3, are linked together in numerous ways, and should be considered together for practical purposes.

Both clauses are linked to guidance contained within ISO 27002, but instead of making reference to information security, deal solely with PII, privacy protection and the setup and maintenance of a PIMS (neither clause contains any GDPR-specific guidance).

  • ISO 27701 Clause 6.3.1.3 – Contact with authorities (References ISO 27002 Control 5.5)

  • ISO 27701 Clause 6.3.1.4 – Contact with special interest groups (References ISO 27002 Control 5.6)
Jump to Topic
Achieve ISO 27701 Success

See our platform in action with a tailored hands-on session based on your needs and goals.

Book your demo
img

ISO 27701 Clause 6.3.1.3 – Contact With Authorities

References ISO 27002 Control 5.5

Organisations acting as a PII data controller who experience an intrusion should have a categorical set of instructions to rely on, which outlines how to communicate with external authorities to:

  • Take action against the source.

  • Set internal expectations.

  • Improve resolution time.

External authorities may include:

  • The emergency services.

  • Utility providers.

  • Internet/telephony providers.

All communication methods should be planned out and documented as part of a privacy protection policy that informs law enforcement agencies, regulatory bodies and any other industry or sector-specific agencies who have a right to know about privacy protection-related matters.

Contact with authorities is closely linked to:

  • Organisational incident management (see ISO 27002 controls 5.24 to 5.28).

  • BUDR and business continuity (see ISO 27002 controls 5.29 to 5.30).

Relevant Controls

  • ISO 27002 5.24

  • ISO 27002 5.28

ISO 27701 Clause 6.3.1.4 – Contact With Special Interest Groups

References ISO 27002 Control 5.6

Alongside external authorities, organisations should maintain an ongoing professional relationship with industry and sector-specific ‘special interest groups’, to demonstrate compliance, improve their PII protection standards and develop a more efficient Privacy Information Management System.

Organisations should seek out membership of special interest groups in order to:

  1. Remain informed about current industry best practices, and gather specialised advice.

  2. Put themselves in the best possible position to receive early warnings of real and projected attack vectors.

  3. Participate in industry-wide forums and seminars that disseminate the latest technologies, security techniques, protection standards and operating procedures.

  4. Forge links with individuals and companies who will be able to assist in the event of an incident (see ISO 27002 5.24 to 5.28).

Supporting Controls From ISO 27002 and GDPR

ISO 27701 Clause IdentifierISO 27701 Clause NameISO 27002 ControlAssociated GDPR Articles
6.3.1.3Contact With Authorities5.5 – Contact with Authorities for ISO 27002None
6.3.1.4Contact With Special Interest Groups5.6 – Contact with Special Interest Groups for ISO 27002None

How ISMS.online Helps

By adding a PIMS to your ISMS on the ISMS.online platform, your security posture remains all-in-one-place and you’ll avoid duplication where the standards overlap.

With your PIMS instantly accessible to interested parties, it’s never been easier to monitor, report and audit against both ISO 27001 and ISO 27701 at the click of a button.

Find out how much time and money you’ll save on your journey to a combined ISO 27001 and 27701 certification using ISMS.online.

Find out more by booking a demo.

See ISMS.online
in action

Book a tailored hands-on session
based on your needs and goals
Book your demo

We’re cost-effective and quick

Discover how easy ISO 27701 is with ISMS.online
Get your quote

ISMS.online now supports ISO 42001 - the world's first AI Management System. Click to find out more