Microsoft ISO 27k Mapping

@william.bello from Zagreb in Croatia (one of our partners there) sent us the following over email:

url: Data Protection Mapping Project

The app is very simple, but I have to say I love this type of project, in particular if it comes from Microsoft. I think it is really positive. Paying for this sort of thing is very 90's...

The Project aims to make the link between ISO/IEC 27001 and data protection regulatory requirements comprehensible to privacy professionals. It seeks to continuously improve and expand the data map between ISO/IEC 27701 and data protection laws and regulations, especially that of regulatory requirements. Initial mapping data is based on existing mapping between ISO/IEC 27701 and GDPR, and additional mappings were prepared by outside counsel for Microsoft between ISO/IEC 27701 and regulations from Australia, California, Canada, Brazil, Hong Kong, Singapore, South Korea, and Turkey.

A scenario that I found useful is when I want to map controls to ISO27K and GDPR in eramba. For example: Art. 15 GDPR requires that the controller establish procedures to fulfil the data subject's right to access his/her data. This tool tells me that I could map this requirement to ISO27001 7.3.2, 7.3.8, 7.3.9, 7.5.1, 7.5.2, 8.3.1, etc. For someone that already has ISO27K implemented, that makes GDPR (CCPA or other) compliance a snap.

Glad it helps. We find Microsoft's open initiative more important than the mappings shared, though. In our experience, mappings must be taken with a pinch of salt!

mapping Implementation guides/issues: https://docs.google.com/document/d/1N9DehnWjlCW4azkYhrLwSbWOAhgktj06PRrs3-ehYfk/edit#heading=h.8fu2f0mv9f0l

eramba mappings feature: https://docs.google.com/document/d/1N9DehnWjlCW4azkYhrLwSbWOAhgktj06PRrs3-ehYfk/edit#heading=h.segbsvlom2zt

eramba opensourcegrc.org database: Feature - opensourcegrc.org (wikipedia of grc)