Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Inventory and documentation of data processing agreements

Critical
High
Normal
Low

The processors of personal data (e.g. providers of data systems, other partners using our employee or customer data) and the agreements related to the processing of personal data have been documented. The documentation includes e.g.:

  • Processor name and location
  • Purpose of processing data
  • Status of agreement
Connected other frameworks and requirements:
28. Processor
GDPR
13.2.2: Agreements on information transfer
ISO 27001
15.1.2: Addressing security within supplier agreements
ISO 27001
A.8.2.4: Infringing instruction
ISO 27701
5.14: Information transfer
ISO 27001

Evaluation of data processing agreement for important data processors

Critical
High
Normal
Low

Data processing agreements bind the actions of a personal data processing partner.

It can be important for us to require an important partner to take care of e.g. ensuring the confidentiality requirements for its personnel and restricting the use of other processors of personal data in connection with our data.

Connected other frameworks and requirements:
28. Processor
GDPR
15.1.2: Addressing security within supplier agreements
ISO 27001
5.20: Addressing information security within supplier agreements
ISO 27001
No items found.