1. Will you adapt the DPMS based on industry capabilities?
Example: IT security risks of banks are different from hotels; as such, resources for IT security cannot be matched by other industries.
Answer:
2. There was a mention that one ground for termination of accreditation is "conflict of interest". What comprises conflict of interest?
Answer: Conflict of interest applies only to certification bodies, i.e. when certifying bodies provide consultation services and they also conduct audits.
3. Will the CB be liable if the system it provided a trust mark on is subjected to an incident/breach? What is the impact in terms of (future) admin fines on the controller? Will there be a mitigated / graduated matrix of fines?
4. How does the PPTM certification differ from ISO/IEC 27701? They are almost similar given the ISO standard requirements. If an organization is already ISO/IEC 27701 certified, is there still a need to conduct a certification process for PPTM? Or if it's already certified by ISO/IEC 27701, can it be considered PPTM certified already?
YES
5. Also, is ISO/IEC 27701 a prerequisite for PPTM certification?