ai · security · skills

Self-assessed · sample · ISO/IEC 27701

Initech: ISO/IEC 27701 privacy lens from one AICM run

Privacy on top of the ISMS. Same GRA answers as 27001 and 42001. CSA’s published AICM sheet only grades a handful of controls against 27701, so this report is deliberately thin: silence is not “privacy done.”

Assessed on CSA AICM via the function diagnostic, then rolled through CSA’s AICM→ISO/IEC 27701 crosswalk. Readiness for conversation and planning, not an ISO certification, audit opinion, or measured result.

Executive summary

Initech: CSA’s AICM sheet only grades 2 controls against ISO/IEC 27701 today. Treat this privacy lens as sparse — close DSP/privacy domains with a dedicated PIMS read, not this GRA slice alone. Self-assessed, not certification.

Privacy information management (PIMS) — privacy controls on top of the ISMS.

Controls in this slice

26

Priority (mapped, absent)

0

Attested implemented

1

CSA matrix mapped

2

Matrix: 2 AICM controls carry an explicit 27701 row in the CSA sheet. For a real PIMS climb, pair this with DSP-domain coverage and local privacy law, not GRA alone.

Control register

Expect mostly Unmapped on this GRA slice. That is a property of the CSA mapping density, not a claim that Initech has no privacy work.

AICMTitleGapClause refsPostureBoard line
GRC-01Governance Program Policy and ProceduresUnmappedn/aImplementedNo CSA AICM→ISO/IEC 27701 mapping on this control id.
GRC-02Risk Management ProgramUnmappedn/aPartialNo CSA AICM→ISO/IEC 27701 mapping on this control id.
GRC-03Organizational Policy ReviewsUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
HRS-15AI Acceptable UseUnmappedn/aPartialNo CSA AICM→ISO/IEC 27701 mapping on this control id.
GRC-15Human supervisionUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
AIS-01Application and Interface Security Policy and ProceduresUnmappedn/aPartialNo CSA AICM→ISO/IEC 27701 mapping on this control id.
AIS-04Secure Application Development LifecycleUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
AIS-07Application Vulnerability RemediationUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
TVM-01Threat and Vulnerability Management Policy and ProceduresUnmappedn/aPartialNo CSA AICM→ISO/IEC 27701 mapping on this control id.
TVM-03Vulnerability IdentificationUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
TVM-08Vulnerability Remediation ScheduleUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
A&A-01Audit and Assurance Policy and ProceduresUnmappedn/aPartialNo CSA AICM→ISO/IEC 27701 mapping on this control id.
A&A-02Independent AssessmentsUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
A&A-05Audit Management ProcessUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
A&A-06RemediationUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
STA-01Supply Chain Risk Management Policies and ProceduresUnmappedn/aPartialNo CSA AICM→ISO/IEC 27701 mapping on this control id.
STA-08Supply Chain InventoryUnmappedn/aPartialNo CSA AICM→ISO/IEC 27701 mapping on this control id.
STA-10Supply Chain Risk ManagementUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
STA-13Supply Chain Compliance AssessmentUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
BCR-01Business Continuity Management Policy and ProceduresUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
BCR-02Risk Assessment and Impact AnalysisUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
BCR-08BackupUnmappedn/aPartialNo CSA AICM→ISO/IEC 27701 mapping on this control id.
BCR-06Business Continuity ExercisesUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
IPY-01Interoperability and Portability Policy and ProceduresUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
IPY-03Secure Interoperability and Portability ManagementUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.
IPY-04Data Portability Contractual ObligationsUnmappedn/aAbsentNo CSA AICM→ISO/IEC 27701 mapping on this control id.