Privacy & Risk Management according to ISO/IEC 27557:2022

08 Feb 2023 07:00 AM By Davide Micheli

Reading time: ~ 3 min.

ISO/IEC 27557:2022 the information security, cybersecurity and privacy protection standard

The ISO/IEC 27557:2022 standard on «information security, cybersecurity and privacy protectionapplication of ISO 31000:2018 for organizationl privacy risk management» provides a framework for assessing organizational privacy risk.

It is important to note that this framework takes into consideration the privacy impact as a component of the overall organizational risk and particularly in the way that follows:

  • the organizational consequences of adverse privacy impacts on individuals;
  • the organizational consequences of privacy events that damage the organization itself (e.g. by harming its reputation) without causing any kind of privacy impacts to individuals.

The relationship between the ISO/IEC 27557:2022 and ISO 31000:2018 standards

It is useful to remember that ISO/IEC 27557:2002 standard is based on the «ISO 31000:2018 – Risk Management – Guidelines».

This standard includes some specific considerations for organizational privacy risk and to support the organizations on the implementation of a Privacy Information Management System (PIMS), according to the «ISO/IEC 27701:2019 Security  techniques– Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines» standard.

The ISO/IEC 27557 standard therefore can be used for integrating risk management and compliance between the privacy requirements set by the EU GPDR and the Swiss FADP (known as LDP and DSG).

It sounds quite interesting but it is a little bit confusing to figure out just considering our brief recap? Let's try to look at things from a different perspective with the help of our steady infographic.

ISO/IEC 27557 standard: the «bridge» to integrate risk management and compliance under EU and Swiss privacy regulations

In order to understand better this kind of scenario where the ISO/IEC 27557 standard can be used for an effective integration of risk management and compliance between the privacy requirements set by the UE GDPR and the Swiss FADP (known as well as LPD and DSG), we can take a look at this infographic:
By Andrea Leonardi (VP @ Minerva Group Service, MP @ Alpemi Consulting & itSMF Swizerland board member).
We end our brief overview on «Privacy & Risk Management according to ISO/IEC 27557:2022 standard» inviting you to stay tuned on our blog, social media channels and newsletter to be always updated on the next news about this topic.

If you want support our effort to bring you the best content quality and sharing value, do not forget to follow us on our LinkedIn page!
If you are interested in this topic, you should consider to attend our Annual IT Service Management Forum Day 2023, as we're going to share the expertise of Digital&Privacy lawyer;ISO, SMS & Data Protection auditor and many other professionals.
More info on our hybrid Annual IT Service Management Forum Day 2023

Need to know more about it?

Click on one of the options below to enter in the itSMF Enviroment and for being updated the way which is best for you.

Subscribe to itSMF Newsletter
Get the benefits of Membership Program

Davide Micheli