...
Any personal information will need to have a nominated Information Asset Owner responsible for the ongoing due diligence required through the entire lifecycle of the information, for example, the assurance of information retention policies.
Any specific security controls such as access control mechanisms, encryption, and other security controls will need to be transitioned to the relevant parties for ongoing management.
Any residual risk will need to be transferred to the relevant BAU department to ensure ongoing monitoring and continual acceptance and/or mitigation.
ISO 27001 Certification
PKB is ISO27001 compliant and the certificate is held by Google because all data is hosted within Google Cloud Platform (GCP) data centers (with the scope of certification including the physical security of the data centres). Further details can be found here.
...