SlideShare a Scribd company logo

Personally Identifiable Information Protection

PECB
PECB

“If we’re going to be connected, then we need to be protected. As Americans, we shouldn’t have to forfeit our basic privacy when we go online to do our business. Each of us as individuals have a sphere of privacy around us that should not be breached, whether by our government, but also by commercial interests.” These words were spoken two weeks ago by the American president Barack Obama, who urged Congress to pass a series of cybersecurity and privacy laws that will protect even more the data privacy of customers and children in schools. Once again the data Privacy and Regulation topic became newspaper headlines.

Technology
1 of 3
Download to read offline
www.pecb.org Personally Identifiable Information Protection
“If we’re going to be connected, then we need to be protected. As Americans, we shouldn’t have to forfeit our basic privacy when we go online to do our business. Each of us as individuals have a sphere of privacy around us that should not be breached, whether by our government, but also by commercial interests.” These words were spoken two weeks ago by the American president Barack Obama, who urged Congress to pass a series of cybersecurity and privacy laws that will protect even more the data privacy of customers and children in schools. Once again the data Privacy and Regulation topic became newspaper headlines. In 2014 Privacy and Regulation issues have continued affecting lots of levels, and looking ahead to 2015, according to Information Security Forum (ISF), this topic will still dominate as one of the five security trends together with cybercrime, threats from third-party providers, bring-your-own BYO, and people. Even more, it is predicted that in 2015 all these security trends will just continue to increase their complexity and sophistication. So, for every organization the concept of privacy specifically the concept of Personally Identifiable Information (PII) protection will have critical role to achieve organizations objectives. Nowadays every organization has to balance its own interests with those of the customers. It has to comply with various applicable laws to reduce regulatory sanctions inside the state where it functions, and also to treat data privacy protection as a business risk, all this to reduce possible reputation damage and loss of customers due to privacy breaches. However the massive numbers of information and communication technologies (ICT) which are used to transmit, share, collect and carry data information and the enormous amount of data that pass everyday through these processes have made privacy protection a very complex task. One of the reasons for this is that data privacy breaches are influenced directly by technology innovations, and the fact that legislation can never be fast enough to answer technology developments makes it very difficult to maintain regulations regarding this issue. Another reason is that in different countries there are already different laws that regulate and protect the use of Personally Identifiable Information (PII), and they have penalties for these kinds of threats. Compliance to all these regulations is hard and confusing for international organizations. There are already some states in US and EU that are developing stronger protections and have created several penalties for customers’ data loss. Since states are creating regulation systems in independent way, to have to comply with all these laws its costly and it is bringing more work for organizations which need to have resources, specific management structure and control toward this issue. 2
As a result, it is more than needed to have international information security standards as a global point of reference to PII protection. The International Organization for Standardization has already published some standards and is intending to have specific standards that will protect PII from different points of view. Code of practice for information security controls known as ISO 27002 is considered one of them. This standard was developed taking into account the controls requirement already contained in ISO 27001. So, ISO 27002 is a technical standard providing a number of requirements and good practices designed to ensure information security of data in general. Personally Identifiable Information PII requires that organizations develop and implement a policy that will protect Personally Identifiable Information. In addition to this, standards such as ISO 29100 Privacy framework and ISO 29101 Privacy framework architecture are developed to provide a higher level framework for the protection of Personally Identifiable Information PII within information and communication technology systems. These standards can be used to design, implement, operate and maintain information and communication technologies system that will enable the protection of PII and will improve organizations’ privacy programs through the use of best practices. The vast amount of data that nowadays is saved in cloud systems have ushered into scope another standard, namely Code of practice for protection of PII or ISO 27018, which requires PII protection at certain functions within the cloud services. This standard is useful for cloud service providers to offer adequate quality and secure cloud services concerning the privacy of data. Furthermore, given the prominence that the issue of privacy security enjoys among customers, the aforementioned standard can facilitate the decision making process of customers when selecting the most feasible option regarding cloud service providers. Compliance with all standards controls will help organizations and will improve their information security system, however in every country such controls implementation depend on national legislation which can impose different obligation and can have different restrictions toward personally identifiable information. This is the reason why every organization should give full attention to have security specialists who are certified on information security and have appropriate knowledge and experience to link data security with company’s goals and to work under the legal and regulatory requirements. Professional Evaluation and Certification Board (PECB) is a personnel certification body on a wide range of professional standards. It offers ISO 27001, ISO 27005, ISO 29100 and ISO 27002, training and certification services for professionals wanting to support organizations on the implementation of these management systems. Regarding privacy PECB offers Certified Lead Privacy Implementer training and certification based on ISO 29100. ISO Standards and Professional Trainings offered by PECB: • Certified Lead Implementer (5 days) • Certified Lead Auditor (5 days) • Certified Foundation (2 days) • ISO Introduction (1 day) Lead Auditor, Lead Implementer and Master are certification schemes accredited by ANSI ISO/IEC 17024. Rreze Halili is the Security, Continuity, Recovery (SCR) Product Manager at PECB. She is in charge of developing and maintaining training courses related to SCR. If you have any questions, please do not hesitate to contact: scr@pecb.org. For further information, please visit www.pecb.org/en/training 3

Recommended

Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...
Jan Carroza
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
KP Naidu
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance
Raffa Learning Community
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?
Raffa Learning Community
 
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data SecurityThe 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
Kegler Brown Hill + Ritter
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
Dmcenter
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
Donald E. Hester
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance
Raffa Learning Community
 

Recommended

Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...
Jan Carroza
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
KP Naidu
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance
Raffa Learning Community
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?
Raffa Learning Community
 
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data SecurityThe 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
Kegler Brown Hill + Ritter
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
Dmcenter
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
Donald E. Hester
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance
Raffa Learning Community
 
Data protection act
Data protection act Data protection act
Data protection act
Iqbal Bocus
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacy
Solix Technologies, Inc
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
Keelan Stewart
 
Lily lim data privacy ownership and ethics
Lily lim data privacy ownership and ethicsLily lim data privacy ownership and ethics
Lily lim data privacy ownership and ethics
MassTLC
 
Data Protection: Process Information
Data Protection: Process InformationData Protection: Process Information
Data Protection: Process Information
Cristina Villavicencio
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
David Cunningham
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?
Raffa Learning Community
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Financial Poise
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceBest Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Rapid7
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Raleigh ISSA
 
Data protection and privacy
Data protection and privacyData protection and privacy
Data protection and privacy
himanshu jain
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copy
Sandra (Sandy) Dunn
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trust
lmgangi
 
Introduction to Hacking (101) Fundamentals
Introduction to Hacking (101) FundamentalsIntroduction to Hacking (101) Fundamentals
Introduction to Hacking (101) Fundamentals
Toño Herrera
 
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)
Aspiration Software LLC
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
Anushka Perera
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)
Lance Michalson
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
Trend Micro
 
Case for-secure-email-encryption
Case for-secure-email-encryptionCase for-secure-email-encryption
Case for-secure-email-encryption
NeoCertified
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
imehreenx
 
Ch1 introduction to spi1.0
Ch1 introduction to spi1.0Ch1 introduction to spi1.0
Ch1 introduction to spi1.0
Kittitouch Suteeca
 
Se423mid term preview
Se423mid term previewSe423mid term preview
Se423mid term preview
Kittitouch Suteeca
 

More Related Content

What's hot

Data protection act
Data protection act Data protection act
Data protection act
Iqbal Bocus
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
David Cunningham
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Financial Poise
 
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)
Aspiration Software LLC
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)
Lance Michalson
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
Trend Micro
 
Case for-secure-email-encryption
Case for-secure-email-encryptionCase for-secure-email-encryption
Case for-secure-email-encryption
NeoCertified
 

What's hot (20)

Data protection act
Data protection act Data protection act
Data protection act
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacy
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 
Lily lim data privacy ownership and ethics
Lily lim data privacy ownership and ethicsLily lim data privacy ownership and ethics
Lily lim data privacy ownership and ethics
 
Data Protection: Process Information
Data Protection: Process InformationData Protection: Process Information
Data Protection: Process Information
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceBest Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
 
Data protection and privacy
Data protection and privacyData protection and privacy
Data protection and privacy
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copy
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trust
 
Introduction to Hacking (101) Fundamentals
Introduction to Hacking (101) FundamentalsIntroduction to Hacking (101) Fundamentals
Introduction to Hacking (101) Fundamentals
 
Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)Law_Firm_Info_Security_Report_June2011 (1)
Law_Firm_Info_Security_Report_June2011 (1)
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 
Case for-secure-email-encryption
Case for-secure-email-encryptionCase for-secure-email-encryption
Case for-secure-email-encryption
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
 

Viewers also liked

Ch5 software imprementation1.0
Ch5 software imprementation1.0Ch5 software imprementation1.0
Ch5 software imprementation1.0
Kittitouch Suteeca
 
Introduction to ISO29110
Introduction to ISO29110Introduction to ISO29110
Introduction to ISO29110
Krit Kamtuo
 
Ch4 project management process
Ch4 project management processCh4 project management process
Ch4 project management process
Kittitouch Suteeca
 
Data classification
Data classificationData classification
Data classification
Silicon
 
Ch 10 cost of software quality
Ch 10 cost of software qualityCh 10 cost of software quality
Ch 10 cost of software quality
Kittitouch Suteeca
 
Collection, classification and presentation of data
Collection, classification and presentation of dataCollection, classification and presentation of data
Collection, classification and presentation of data
Nidhi
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification Presentation
Derroylo
 

Viewers also liked (16)

Ch1 introduction to spi1.0
Ch1 introduction to spi1.0Ch1 introduction to spi1.0
Ch1 introduction to spi1.0
 
Se423mid term preview
Se423mid term previewSe423mid term preview
Se423mid term preview
 
Software Entrepreneurship
Software EntrepreneurshipSoftware Entrepreneurship
Software Entrepreneurship
 
Mapping a Privacy Framework to a Reference Model of Learning Analytics
Mapping a Privacy Framework to a Reference Model of Learning AnalyticsMapping a Privacy Framework to a Reference Model of Learning Analytics
Mapping a Privacy Framework to a Reference Model of Learning Analytics
 
Ch5 software imprementation1.0
Ch5 software imprementation1.0Ch5 software imprementation1.0
Ch5 software imprementation1.0
 
Ch0 se423 outline
Ch0 se423 outlineCh0 se423 outline
Ch0 se423 outline
 
Ch3 introduction to iso29110
Ch3 introduction to iso29110Ch3 introduction to iso29110
Ch3 introduction to iso29110
 
Ch2 introduction to standard
Ch2 introduction to standardCh2 introduction to standard
Ch2 introduction to standard
 
Introduction to ISO29110
Introduction to ISO29110Introduction to ISO29110
Introduction to ISO29110
 
Ch4 project management process
Ch4 project management processCh4 project management process
Ch4 project management process
 
Data classification
Data classificationData classification
Data classification
 
Ch 10 cost of software quality
Ch 10 cost of software qualityCh 10 cost of software quality
Ch 10 cost of software quality
 
Collection, classification and presentation of data
Collection, classification and presentation of dataCollection, classification and presentation of data
Collection, classification and presentation of data
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification Presentation
 
Classification & tabulation of data
Classification & tabulation of dataClassification & tabulation of data
Classification & tabulation of data
 
What is Big Data?
What is Big Data?What is Big Data?
What is Big Data?
 

Similar to Personally Identifiable Information Protection

A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
Ulf Mattsson
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
PECB
 
Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data Privacy
Gigya
 

Similar to Personally Identifiable Information Protection (20)

The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 
General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 
Data Protection and Data Privacy
Data Protection and Data PrivacyData Protection and Data Privacy
Data Protection and Data Privacy
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standards
 
Encryption During Communication
Encryption During CommunicationEncryption During Communication
Encryption During Communication
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
The Virtual Security Officer Platform
The Virtual Security Officer PlatformThe Virtual Security Officer Platform
The Virtual Security Officer Platform
 
PREPARING FOR THE GDPR
PREPARING FOR THE GDPRPREPARING FOR THE GDPR
PREPARING FOR THE GDPR
 
Privacy as a Career
Privacy as a CareerPrivacy as a Career
Privacy as a Career
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
 
GDPR and ISO 27001 - how to be compliant
GDPR and ISO 27001 - how to be compliantGDPR and ISO 27001 - how to be compliant
GDPR and ISO 27001 - how to be compliant
 
Is it time for an IT Assessment?
Is it time for an IT Assessment?Is it time for an IT Assessment?
Is it time for an IT Assessment?
 
Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data Privacy
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) planCWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover Story
 
Iso 27001 whitepaper
Iso 27001 whitepaperIso 27001 whitepaper
Iso 27001 whitepaper
 

More from PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
PECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
PECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
PECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
PECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
PECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 

More from PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Recently uploaded (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Personally Identifiable Information Protection

  • 2. “If we’re going to be connected, then we need to be protected. As Americans, we shouldn’t have to forfeit our basic privacy when we go online to do our business. Each of us as individuals have a sphere of privacy around us that should not be breached, whether by our government, but also by commercial interests.” These words were spoken two weeks ago by the American president Barack Obama, who urged Congress to pass a series of cybersecurity and privacy laws that will protect even more the data privacy of customers and children in schools. Once again the data Privacy and Regulation topic became newspaper headlines. In 2014 Privacy and Regulation issues have continued affecting lots of levels, and looking ahead to 2015, according to Information Security Forum (ISF), this topic will still dominate as one of the five security trends together with cybercrime, threats from third-party providers, bring-your-own BYO, and people. Even more, it is predicted that in 2015 all these security trends will just continue to increase their complexity and sophistication. So, for every organization the concept of privacy specifically the concept of Personally Identifiable Information (PII) protection will have critical role to achieve organizations objectives. Nowadays every organization has to balance its own interests with those of the customers. It has to comply with various applicable laws to reduce regulatory sanctions inside the state where it functions, and also to treat data privacy protection as a business risk, all this to reduce possible reputation damage and loss of customers due to privacy breaches. However the massive numbers of information and communication technologies (ICT) which are used to transmit, share, collect and carry data information and the enormous amount of data that pass everyday through these processes have made privacy protection a very complex task. One of the reasons for this is that data privacy breaches are influenced directly by technology innovations, and the fact that legislation can never be fast enough to answer technology developments makes it very difficult to maintain regulations regarding this issue. Another reason is that in different countries there are already different laws that regulate and protect the use of Personally Identifiable Information (PII), and they have penalties for these kinds of threats. Compliance to all these regulations is hard and confusing for international organizations. There are already some states in US and EU that are developing stronger protections and have created several penalties for customers’ data loss. Since states are creating regulation systems in independent way, to have to comply with all these laws its costly and it is bringing more work for organizations which need to have resources, specific management structure and control toward this issue. 2
  • 3. As a result, it is more than needed to have international information security standards as a global point of reference to PII protection. The International Organization for Standardization has already published some standards and is intending to have specific standards that will protect PII from different points of view. Code of practice for information security controls known as ISO 27002 is considered one of them. This standard was developed taking into account the controls requirement already contained in ISO 27001. So, ISO 27002 is a technical standard providing a number of requirements and good practices designed to ensure information security of data in general. Personally Identifiable Information PII requires that organizations develop and implement a policy that will protect Personally Identifiable Information. In addition to this, standards such as ISO 29100 Privacy framework and ISO 29101 Privacy framework architecture are developed to provide a higher level framework for the protection of Personally Identifiable Information PII within information and communication technology systems. These standards can be used to design, implement, operate and maintain information and communication technologies system that will enable the protection of PII and will improve organizations’ privacy programs through the use of best practices. The vast amount of data that nowadays is saved in cloud systems have ushered into scope another standard, namely Code of practice for protection of PII or ISO 27018, which requires PII protection at certain functions within the cloud services. This standard is useful for cloud service providers to offer adequate quality and secure cloud services concerning the privacy of data. Furthermore, given the prominence that the issue of privacy security enjoys among customers, the aforementioned standard can facilitate the decision making process of customers when selecting the most feasible option regarding cloud service providers. Compliance with all standards controls will help organizations and will improve their information security system, however in every country such controls implementation depend on national legislation which can impose different obligation and can have different restrictions toward personally identifiable information. This is the reason why every organization should give full attention to have security specialists who are certified on information security and have appropriate knowledge and experience to link data security with company’s goals and to work under the legal and regulatory requirements. Professional Evaluation and Certification Board (PECB) is a personnel certification body on a wide range of professional standards. It offers ISO 27001, ISO 27005, ISO 29100 and ISO 27002, training and certification services for professionals wanting to support organizations on the implementation of these management systems. Regarding privacy PECB offers Certified Lead Privacy Implementer training and certification based on ISO 29100. ISO Standards and Professional Trainings offered by PECB: • Certified Lead Implementer (5 days) • Certified Lead Auditor (5 days) • Certified Foundation (2 days) • ISO Introduction (1 day) Lead Auditor, Lead Implementer and Master are certification schemes accredited by ANSI ISO/IEC 17024. Rreze Halili is the Security, Continuity, Recovery (SCR) Product Manager at PECB. She is in charge of developing and maintaining training courses related to SCR. If you have any questions, please do not hesitate to contact: scr@pecb.org. For further information, please visit www.pecb.org/en/training 3