Clause 5 - PIMS-Specific Requirements (ISO 27001)

Clause 5 specifies the requirements for establishing, implementing, maintaining and continually improving a privacy information management system, extending the ISO IEC 27001 information-security framework with privacy-specific obligations such as risk assessment, data-subject rights, lawful processing and governance controls.