ISO 27701 | 6.2.1

Management direction for information security

6.2.1.1 Policies for information security The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 5.1.1 and the following additional guidance applies:

6.2.1.2 Review of the policies for information security The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 5.1.2 applies

LGPD (BRA)

Art.44: The processing of personal data is considered irregular when legislation is not followed or when the security that the data subject can expect is not provided, considering relevant circumstances, including: I – The way the processing was performed; II – The result and the risks that can be reasonably expected from the processing; III – The processing techniques available at the time it was performed. Sole Paragraph. The controller or processor that, when failing to adopt the security measures outlined in Article 46 of this Law, cause damage, will be held responsible for a violation of data security.