Self-assessed · sample · ISO/IEC 27701
Initech: ISO/IEC 27701 privacy lens from one AICM run
Privacy on top of the ISMS. Same GRA answers as 27001 and 42001. CSA’s published AICM sheet only grades a handful of controls against 27701, so this report is deliberately thin: silence is not “privacy done.”
Assessed on CSA AICM via the function diagnostic, then rolled through CSA’s AICM→ISO/IEC 27701 crosswalk. Readiness for conversation and planning, not an ISO certification, audit opinion, or measured result.
Executive summary
Initech: CSA’s AICM sheet only grades 2 controls against ISO/IEC 27701 today. Treat this privacy lens as sparse — close DSP/privacy domains with a dedicated PIMS read, not this GRA slice alone. Self-assessed, not certification.
Privacy information management (PIMS) — privacy controls on top of the ISMS.
Controls in this slice
26
Priority (mapped, absent)
0
Attested implemented
1
CSA matrix mapped
2
Matrix: 2 AICM controls carry an explicit 27701 row in the CSA sheet. For a real PIMS climb, pair this with DSP-domain coverage and local privacy law, not GRA alone.
Control register
Expect mostly Unmapped on this GRA slice. That is a property of the CSA mapping density, not a claim that Initech has no privacy work.
| AICM | Title | Gap | Clause refs | Posture | Board line |
|---|---|---|---|---|---|
| GRC-01 | Governance Program Policy and Procedures | Unmapped | n/a | Implemented | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| GRC-02 | Risk Management Program | Unmapped | n/a | Partial | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| GRC-03 | Organizational Policy Reviews | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| HRS-15 | AI Acceptable Use | Unmapped | n/a | Partial | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| GRC-15 | Human supervision | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| AIS-01 | Application and Interface Security Policy and Procedures | Unmapped | n/a | Partial | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| AIS-04 | Secure Application Development Lifecycle | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| AIS-07 | Application Vulnerability Remediation | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| TVM-01 | Threat and Vulnerability Management Policy and Procedures | Unmapped | n/a | Partial | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| TVM-03 | Vulnerability Identification | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| TVM-08 | Vulnerability Remediation Schedule | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| A&A-01 | Audit and Assurance Policy and Procedures | Unmapped | n/a | Partial | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| A&A-02 | Independent Assessments | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| A&A-05 | Audit Management Process | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| A&A-06 | Remediation | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| STA-01 | Supply Chain Risk Management Policies and Procedures | Unmapped | n/a | Partial | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| STA-08 | Supply Chain Inventory | Unmapped | n/a | Partial | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| STA-10 | Supply Chain Risk Management | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| STA-13 | Supply Chain Compliance Assessment | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| BCR-01 | Business Continuity Management Policy and Procedures | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| BCR-02 | Risk Assessment and Impact Analysis | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| BCR-08 | Backup | Unmapped | n/a | Partial | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| BCR-06 | Business Continuity Exercises | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| IPY-01 | Interoperability and Portability Policy and Procedures | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| IPY-03 | Secure Interoperability and Portability Management | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |
| IPY-04 | Data Portability Contractual Obligations | Unmapped | n/a | Absent | No CSA AICM→ISO/IEC 27701 mapping on this control id. |