4 General / 4.4 Customer

4.4 Customer

Depending on the role of the organization (see 5.2.1), "customer" can be understood to be:

a) an organization who has a contract with a PII controller (e.g. the customer of the PII controller);

NOTE 1 This can be the case of an organization which is a joint controller.

NOTE 2 An individual person in a business-to-consumer relationship with an organization is referred to as a "PII principal" in this document.

b) a PII controller who has a contract with a PII processor (e.g. the customer of the PII processor); or

c) a PII processor who has a contract with a subcontractor for PII processing (e.g. the customer of the subcontracted PII sub-processor).

NOTE 3 Where "customer" is referred to in Clause 6, the related provisions can be applicable in contexts a), b), or c).

NOTE 4 Where "customer" is referred to in Clause 7 and Annex A, the related provisions are applicable in context a).

NOTE 5 Where "customer" is referred to in Clause 8 and Annex B, the related provisions can be applicable in contexts b) and/or c).
【Understanding the Standard】
(1) This clause mainly explains and clarifies the term "customer" so that the requirements of ISO/IEC 27701: 2019 can be understood and implemented.
(2) A "customer" can be: an organization that has a contract with a PII controller (the customer of the PII controller); an organization that has a contract with a PII processor (the customer of the PII processor); or a PII processor that has a contract with a subcontractor for PII processing (the customer of the subcontracted PII sub-processor).
(3) To determine what type of customer an organization has, first determine the organization's own role: PII controller, PII processor, or both.
(4) In Clause 6, the requirements and guidance concerning "customer" apply to all three types of "customer" referred to in a), b) and c) of this clause.
(5) In Clause 7 and Annex A, the requirements and guidance concerning "customer" apply to the type of "customer" referred to in a) of this clause.
(6) In Clause 8 and Annex B, the requirements and guidance concerning "customer" apply to the two types of "customer" referred to in b) and/or c).
Originally published on the WeChat official account Sky的安全观: ISO/IEC 27701: 2019 Standard Explanation and Implementation (6) 4.4 Customer