ISO 20000-1:2018 Transition Free Practice Test — 30 Questions

Question 1

InnovTech Solutions, a multinational corporation specializing in cloud computing services, is expanding its operations globally and aims to achieve ISO 27701 certification to demonstrate its commitment to data privacy and compliance with GDPR. The company already possesses an ISO 27001-certified Information Security Management System (ISMS). As the newly appointed Data Protection Officer (DPO), Aisha is tasked with leading the integration of ISO 27701 (Privacy Information Management System - PIMS) with the existing ISO 27001 framework. Aisha understands that a critical initial step involves defining the scope of the PIMS.

Considering InnovTech\'s global presence, its diverse range of cloud services, and the complex landscape of international data protection laws, what comprehensive approach should Aisha prioritize to determine the scope of the PIMS effectively, ensuring it aligns with both ISO 27701 requirements and InnovTech\'s strategic objectives? The approach must consider the organizational context, stakeholder expectations, and legal compliance requirements.

Accepted Answer

Conduct a thorough review of InnovTech's organizational context, including internal and external issues affecting data privacy, perform a detailed stakeholder analysis to identify all relevant parties and their expectations regarding privacy, and define the PIMS scope based on these findings, ensuring alignment with ISO 27701 and applicable data protection laws such as GDPR.

Question 2

Globex Enterprises, a multinational corporation specializing in data analytics, is currently certified under ISO 27001:2013. The board has mandated a transition to ISO 27701:2019 to enhance its privacy management practices, particularly in light of increasing scrutiny from regulatory bodies like the European Data Protection Supervisor (EDPS) and the California Privacy Protection Agency (CPPA). The current ISMS primarily focuses on information security concerning confidentiality, integrity, and availability of data. Given the need to integrate privacy considerations, what is the MOST critical initial step Globex Enterprises should undertake to effectively transition its ISMS to a PIMS compliant with ISO 27701:2019, considering the existing ISO 27001 framework and the need to address global privacy regulations?

Accepted Answer

Conduct a Data Protection Impact Assessment (DPIA) to identify and assess privacy risks associated with the processing of Personally Identifiable Information (PII), and then modify existing ISO 27001 controls and introduce new ones based on the DPIA outcomes, aligned with GDPR and other relevant privacy laws.

Question 3

GlobalTech Solutions, a multinational corporation with operations spanning across Europe, Asia, and North America, is in the process of implementing ISO 27701:2019 to enhance its data privacy management practices. The company processes a wide range of personal data, including employee information, customer data, and supplier details. As the newly appointed Data Protection Officer (DPO), Aaliyah Khan is tasked with defining the scope of the Privacy Information Management System (PIMS). Considering the organization\'s global presence, diverse data processing activities, and the need to comply with various data protection regulations such as GDPR, CCPA, and other local laws, which of the following approaches would be the MOST appropriate for Aaliyah to define the scope of the PIMS effectively? This approach must ensure comprehensive coverage, alignment with business objectives, and compliance with all relevant legal and regulatory requirements.

Accepted Answer

Conduct a comprehensive analysis of the organizational context, including internal and external issues, stakeholder identification and analysis, and alignment with the organization's strategic objectives, documenting the scope clearly and communicating it to all relevant parties.

Question 4

TechSolutions Inc., a global IT service provider, is transitioning its service management system to ISO 20000-1:2018. Recognizing the increasing importance of data privacy, the CIO, Anya Sharma, wants to integrate ISO 27701:2019 to enhance their service management system with robust privacy controls. Anya tasks the service management team, led by Ben Carter, with developing a comprehensive plan for this integration. Ben\'s team needs to ensure that the integration not only aligns with the existing ISO 20000-1:2018 framework but also addresses the specific requirements of ISO 27701:2019, including compliance with GDPR and other relevant data protection laws. What is the most effective initial step for Ben\'s team to take to ensure a successful integration of ISO 27701:2019 into their ISO 20000-1:2018 service management system?

Accepted Answer

Conduct a thorough assessment of the organization's context, identify relevant stakeholders, and define the scope of the Privacy Information Management System (PIMS), ensuring alignment with the existing service management system.

Question 5

Innovision Tech, a multinational corporation specializing in AI-driven marketing solutions, is expanding its operations into the European Union. As part of their strategic move, the board of directors has mandated the implementation of ISO 27701:2019 to ensure compliance with GDPR and build trust with European clients. Dr. Anya Sharma, the newly appointed Chief Privacy Officer, is tasked with leading the transition. She needs to first establish a robust framework for privacy information management.

Given the complexities of Innovision Tech\'s global operations and the stringent requirements of GDPR, which of the following initial steps should Dr. Sharma prioritize to lay a solid foundation for the ISO 27701:2019 implementation, ensuring that the PIMS is aligned with both the organization\'s strategic goals and the legal landscape of the EU?

Accepted Answer

Conduct a comprehensive stakeholder analysis to identify the needs and expectations of all relevant parties, including customers, employees, regulators, and business partners, and define the scope of the PIMS based on the organizational context and stakeholder requirements, also establish a privacy policy that reflects the organization's commitment to privacy and data protection.

Question 6

\"Globex Corp, a multinational advertising firm headquartered in Switzerland, has recently implemented ISO 27701:2019 to enhance its data privacy practices. As part of its global operations, Globex processes personal data of millions of individuals across various jurisdictions, including the EU and California. A data subject, Ms. Anya Sharma, residing in Berlin, submits a formal request to Globex, exercising her right to erasure (\"right to be forgotten\") under GDPR, concerning all her personal data held by the company. Ms. Sharma has been a client of Globex for five years, and her data is stored across multiple systems, including CRM, marketing automation platforms, and cloud storage. Considering the requirements of ISO 27701:2019 and GDPR, what is the MOST appropriate first course of action for Globex Corp upon receiving Ms. Sharma\'s request?\"

Accepted Answer

Verify Ms. Sharma's identity to ensure she is the data subject and then assess the validity of the request based on GDPR and Globex's data processing activities.

Question 7

Innovate Solutions, a rapidly growing cloud-based service provider headquartered in the United States, currently holds ISO 27001 certification for its Information Security Management System (ISMS). The company is now expanding its operations to include offering services to clients within the European Union, making them subject to the General Data Protection Regulation (GDPR). The CEO, Anya Sharma, recognizes the need to address privacy requirements systematically. While the company has consulted with legal counsel on GDPR, Anya wants to implement a management system that integrates privacy considerations into their existing processes and demonstrates ongoing compliance. Which of the following actions would be the MOST appropriate initial step for Innovate Solutions to take in order to achieve comprehensive GDPR compliance and demonstrate a commitment to privacy management?

Accepted Answer

Implement ISO 27701 as a Privacy Information Management System (PIMS) to extend their existing ISO 27001 certification and address GDPR requirements systematically.

Question 8

\"Globex Innovations,\" a multinational corporation specializing in AI-driven healthcare solutions, is transitioning to ISO 27701:2019 to enhance its data privacy practices and comply with GDPR across its global operations. As the newly appointed Data Protection Officer (DPO), Anya Petrova is tasked with establishing a Privacy Information Management System (PIMS) integrated with the existing ISO 27001 certified Information Security Management System (ISMS). Anya is currently working to define the context of the organization as it relates to privacy. She understands the need to go beyond the standard ISMS context to fully address privacy concerns. What is the MOST critical reason for Anya to conduct a comprehensive stakeholder analysis as part of defining the context of the organization for the PIMS implementation?

Accepted Answer

Stakeholder analysis informs the scope definition, risk assessment, and alignment with strategic objectives, ensuring the PIMS effectively addresses privacy risks and meets stakeholder expectations.

Question 9

\"SecureData Solutions,\" a cloud storage provider, is reviewing its data processing practices as part of its ISO 27701:2019 implementation. They discover that they are collecting and retaining a large amount of personal data that is not strictly necessary for providing their cloud storage services. Which action is MOST important for SecureData Solutions to take to align with data protection principles and minimize privacy risks? SecureData needs to reduce its data footprint. What should SecureData prioritize?

Accepted Answer

Implement the principle of data minimization by reviewing data collection practices, limiting the collection of personal data to what is strictly necessary for providing cloud storage services, and deleting or anonymizing unnecessary data.

Question 10

\"GlobalTech Innovations,\" a multinational technology firm, is implementing ISO 27701:2019 to enhance its privacy information management. As part of this implementation, Chief Information Officer, Kenji Tanaka, needs to define the scope of the Privacy Information Management System (PIMS). GlobalTech operates in multiple countries with varying data protection laws, including the EU (GDPR), California (CCPA), and Brazil (LGPD). The company processes personal data for various purposes, including marketing, customer support, and research and development. Which of the following approaches is MOST comprehensive for Kenji to define the scope of the PIMS effectively?

Accepted Answer

Define the scope based solely on the geographical location of the company's headquarters, assuming that compliance with the data protection laws of the headquarters' location will suffice for all global operations.

Question 11

\"MediCorp Solutions,\" a healthcare provider, is certified to ISO 20000-1:2018 and has implemented ISO 27701:2019 to manage patient data privacy. Following a recent ransomware attack, MediCorp discovered that sensitive patient records were potentially accessed by unauthorized individuals. The company\'s incident response plan outlines a detailed procedure for containment, investigation, and notification. However, the plan lacks specific guidance on determining the threshold for notifying affected patients and regulatory authorities. As the Data Protection Officer, Javier Rodriguez is responsible for ensuring compliance with data breach notification requirements. Which of the following actions is MOST critical for Javier to take immediately to address the gap in MediCorp\'s incident response plan and ensure compliance with ISO 27701:2019 and relevant data protection regulations?

Accepted Answer

Establish clear criteria and thresholds for determining when a data breach requires notification to affected patients and regulatory authorities, considering the sensitivity of the data compromised, the potential harm to individuals, and the applicable legal and regulatory requirements.

Question 12

\"Innovate Solutions,\" a multinational software development company already certified to ISO 27001, is expanding its operations into the European Union, where it will be processing significant amounts of personal data of EU citizens. The company\'s leadership recognizes the need to comply with GDPR and decides to implement ISO 27701 to establish a Privacy Information Management System (PIMS). Considering their existing ISO 27001 certification and the need to efficiently integrate privacy management into their current information security framework, what is the most appropriate initial action for \"Innovate Solutions\" to undertake as they begin their ISO 27701 implementation journey? The company seeks to minimize disruption and leverage its existing ISMS.

Accepted Answer

Conduct a gap analysis between their existing ISO 27001 ISMS and the requirements of ISO 27701 to identify necessary enhancements for privacy management.

Question 13

GlobalTech Solutions, a multinational corporation with offices in Europe and California, is implementing ISO 27701:2019 to manage its privacy information. The company processes personal data of EU citizens and California residents. A significant data breach occurs, affecting both groups. Under GDPR, data breaches that pose a risk to individuals must be reported to supervisory authorities within 72 hours. CCPA, while focusing on consumer rights and potential litigation, does not stipulate a specific timeframe for reporting breaches to a supervisory authority, but emphasizes consumer notification. Considering these differing legal requirements and the principles of ISO 27701, what is the MOST appropriate course of action for GlobalTech Solutions regarding data breach notification?

Accepted Answer

Establish a harmonized incident response plan that adheres to the GDPR's 72-hour notification requirement for all data breaches, regardless of the location of affected data subjects.

Question 14

\"DataSecure Inc.,\" a cloud storage provider, is implementing ISO 27701:2019 to enhance its privacy management practices. Which of the following documentation and record-keeping practices is most critical for DataSecure Inc. to establish and maintain as part of its PIMS?

Accepted Answer

Maintaining detailed records of all processing activities, including the categories of personal data processed, the purposes of the processing, the recipients of the data, and the retention periods, along with audit trails and logs that capture information about data access, modifications, and security events.

Question 15

Innovate Solutions, a rapidly expanding SaaS provider, is implementing ISO 27701:2019 to bolster its Privacy Information Management System (PIMS). They\'ve identified several key stakeholders: their customers (enterprises using their SaaS platform), their employees (developers, sales, and support staff handling customer data), and various regulatory bodies (overseeing data protection compliance in regions where they operate). As the newly appointed Data Protection Officer, Aaliyah is tasked with defining the scope of the PIMS. Which approach would be most effective for Aaliyah to define the scope of Innovate Solutions\' PIMS, ensuring it aligns with ISO 27701:2019 requirements and adequately addresses the needs of all identified stakeholders?

Accepted Answer

Define the scope of the PIMS based on a comprehensive stakeholder analysis that considers the needs and expectations of customers, employees, and regulatory bodies.

Question 16

InnovTech Solutions, a multinational corporation specializing in cloud computing services, is expanding its operations globally and aims to achieve ISO 27701 certification to demonstrate its commitment to data privacy and compliance with GDPR. The company already possesses an ISO 27001-certified Information Security Management System (ISMS). As the newly appointed Data Protection Officer (DPO), Aisha is tasked with leading the integration of ISO 27701 (Privacy Information Management System - PIMS) with the existing ISO 27001 framework. Aisha understands that a critical initial step involves defining the scope of the PIMS.

Considering InnovTech\'s global presence, its diverse range of cloud services, and the complex landscape of international data protection laws, what comprehensive approach should Aisha prioritize to determine the scope of the PIMS effectively, ensuring it aligns with both ISO 27701 requirements and InnovTech\'s strategic objectives? The approach must consider the organizational context, stakeholder expectations, and legal compliance requirements.

Accepted Answer

Conduct a thorough analysis of InnovTech's organizational context, including its strategic objectives, stakeholder expectations, and GDPR requirements, to develop SMART privacy objectives that are integrated into the existing ISO 27001 framework.

Question 17

GlobalTech Solutions, a multinational corporation with offices in the EU, California, and Brazil, is implementing ISO 27701 to enhance its data privacy practices. The company already has an established ISO 27001 Information Security Management System (ISMS). During the initial planning phase for the Privacy Information Management System (PIMS), the project team faces the challenge of defining the scope of the PIMS. Considering the complexities of operating in multiple jurisdictions with varying privacy regulations (GDPR, CCPA, LGPD), a diverse range of stakeholders (customers, employees, regulatory bodies), and the existing ISMS, what is the MOST effective approach for GlobalTech to determine the scope of its PIMS?

Accepted Answer

Conduct a comprehensive analysis of the organization's context, including internal and external issues, stakeholder identification, applicable legal and regulatory requirements, and integrate it with the existing ISO 27001 ISMS to avoid duplication and ensure consistency.

Question 18

Stellar Solutions, an e-commerce company specializing in personalized gift items, has implemented ISO 27701:2019 to manage privacy within its operations. Initially, customer data collected includes name, address, email, and purchase history, primarily used for order fulfillment and basic customer service inquiries. The marketing department proposes leveraging this existing customer data to create highly personalized marketing campaigns, targeting customers with specific product recommendations based on their past purchases and browsing behavior. Additionally, they suggest collecting further data, such as social media handles and browsing habits on the Stellar Solutions website, to enhance the personalization efforts. However, the data protection officer (DPO) raises concerns about potential violations of data protection principles. What course of action should Stellar Solutions take to align with ISO 27701:2019 and ensure compliance with data protection principles, particularly regarding purpose limitation and data minimization?

Accepted Answer

Restrict the use of existing data to its original purpose, obtain explicit consent for personalized marketing, and cease the collection of unnecessary data like social media handles and browsing habits.

Question 19

GlobalTech Solutions, a multinational corporation with offices in both the European Union and California, is transitioning to ISO 27701:2019 to enhance its Privacy Information Management System (PIMS). The company processes personal data of its employees and customers across various jurisdictions, making it subject to both GDPR and CCPA. As the newly appointed Data Protection Officer (DPO), Aaliyah Khan is tasked with ensuring that GlobalTech\'s PIMS effectively integrates and complies with these diverse legal and regulatory requirements while adhering to ISO 27701 standards. Aaliyah needs to present a strategic approach to the executive management team outlining the initial steps required to ensure a compliant and effective PIMS. What should be the first strategic action recommended by Aaliyah to ensure GlobalTech’s PIMS effectively integrates and complies with GDPR, CCPA, and ISO 27701 requirements?

Accepted Answer

Conduct a comprehensive gap analysis to align existing privacy practices with the requirements of ISO 27701, GDPR, and CCPA, followed by the implementation of necessary controls and procedures.

Question 20

Stellaris Technologies, a leading AI research firm based in Berlin, is developing a new facial recognition system for secure building access. Given the sensitive nature of biometric data and the potential for high risk to individual privacy, the Data Protection Officer (DPO), Klaus Schmidt, recognizes the need for a Data Protection Impact Assessment (DPIA). What primary objectives should Klaus prioritize when conducting this DPIA to ensure Stellaris complies with GDPR and minimizes potential privacy risks associated with the facial recognition system?

Accepted Answer

Identify and assess the potential privacy risks associated with the facial recognition system, determine appropriate measures to mitigate those risks, and ensure compliance with GDPR and other relevant data protection laws before deployment.

Question 21

\"Secure Bank\", a financial institution, is implementing a new customer relationship management (CRM) system. The project manager, Fatima Khan, is aware of the data minimization principle and wants to ensure that the CRM system complies with this principle. Which approach BEST demonstrates adherence to the data minimization principle in this scenario?

Accepted Answer

Collecting and processing only the personal data that is strictly necessary for providing banking services and complying with legal obligations, avoiding the collection of unnecessary or irrelevant data.

Question 22

\"TechSolutions Inc.\", a global IT service provider, has successfully implemented ISO 27001 and is now transitioning to ISO 27701 to enhance its data privacy practices and comply with GDPR. As the lead internal auditor, you are tasked with revising the existing internal audit program to accommodate the requirements of the new Privacy Information Management System (PIMS). The current audit program primarily focuses on information security controls. What is the MOST critical adjustment you must make to the existing internal audit program to ensure it effectively assesses the integrated ISMS and PIMS?

Accepted Answer

Expanding the audit scope to include evaluation of data processing activities' lawfulness, fairness, and transparency, adherence to data protection principles (purpose limitation, data minimization), handling of data subject rights requests, DPIAs, and incident response for data breaches, while also ensuring the audit criteria include ISO 27701 requirements and relevant data protection laws, and providing auditors with training on privacy regulations and PIMS auditing techniques.

Question 23

\"EcoEnergy Corp,\" a renewable energy company, is implementing ISO 27701:2019 to manage the privacy of personal data collected from its customers and employees. As part of the planning phase, the Privacy Manager, Kenji Tanaka, is tasked with conducting a privacy risk assessment and setting privacy objectives. Kenji is considering different approaches to ensure that the planning process is effective and aligned with the requirements of ISO 27701:2019. Which of the following approaches would BEST demonstrate effective planning for PIMS in accordance with ISO 27701:2019?

Accepted Answer

Conducting a comprehensive privacy risk assessment using a recognized methodology, setting SMART privacy objectives aligned with business goals, and developing detailed plans with allocated resources and timelines to achieve those objectives.

Question 24

\"CyberSafe Solutions,\" a multinational corporation already certified to ISO 27001:2013, seeks to achieve ISO 27701:2019 certification to demonstrate enhanced privacy management to its European clients and comply with GDPR. As the lead consultant guiding their transition, you are tasked with emphasizing the most critical sections of ISO 27701:2019 that directly extend their existing ISO 27001 framework into a fully functional Privacy Information Management System (PIMS). Considering the primary goal of aligning their information security management system with privacy requirements, which sections of ISO 27701:2019 should you prioritize during the initial implementation phase to ensure a robust and compliant PIMS? The focus is on actionable requirements and guidelines for extending existing controls.

Accepted Answer

Annex A and Annex B, detailing the ISO 27001-related PIMS requirements and ISO 27002-related PIMS guidelines, respectively.

Question 25

"FinTech Innovations," a financial technology company based in Singapore, is seeking ISO 27701:2019 certification to demonstrate its commitment to data privacy. A customer, Mr. Kenji Tanaka, requests to exercise his right to data portability, wanting to transfer his financial transaction history to a competing service provider.

Which action should "FinTech Innovations" take to BEST facilitate Mr. Tanaka\'s right to data portability, according to ISO 27701:2019 and relevant data protection principles?

Accepted Answer

Providing Mr. Tanaka with his personal data in a structured, commonly used, and machine-readable format to enable him to transmit it to another organization

Question 26

GlobalTech Solutions, a multinational corporation headquartered in a country with GDPR-equivalent data protection laws, has a subsidiary operating in a region with significantly less stringent privacy regulations. The company is implementing ISO 27701:2019 to manage privacy information across its global operations. To ensure consistent data protection standards and avoid potential compliance issues, which of the following actions should GlobalTech Solutions prioritize when establishing its Privacy Information Management System (PIMS) across both its headquarters and its subsidiary? Consider the varying legal requirements and the need for a unified approach to data privacy management. The goal is to implement a robust system that addresses both the stricter regulations at the headquarters and the more lenient regulations at the subsidiary, ensuring that all data processing activities adhere to a high standard of privacy protection. How should GlobalTech balance these differing requirements while maintaining operational efficiency and global consistency?

Accepted Answer

Establish a PIMS based on ISO 27701:2019, tailored to meet the stricter GDPR-like requirements at the headquarters, and apply these standards uniformly across the entire organization, including the subsidiary.

Question 27

Global Solutions Inc., a multinational corporation headquartered in the United States, is expanding its operations into the European Union. The company currently holds ISO 27001 certification for its Information Security Management System (ISMS). With the expansion, Global Solutions Inc. now falls under the jurisdiction of the General Data Protection Regulation (GDPR). The Chief Information Officer (CIO), Anya Sharma, is tasked with ensuring the company\'s compliance with GDPR while minimizing disruption to existing operations and maximizing efficiency. Anya understands that they need to implement a robust Privacy Information Management System (PIMS). Considering the existing ISO 27001 certification and the requirements of GDPR, which of the following approaches would be the most effective and efficient way for Global Solutions Inc. to integrate privacy management practices into its existing framework? Anya must consider the need for a structured approach, minimal disruption, and comprehensive compliance.

Accepted Answer

Implement ISO 27701:2019 and integrate it with the existing ISO 27001 certified ISMS to establish a comprehensive Privacy Information Management System (PIMS).

Question 28

Innovate Solutions, a rapidly growing tech company based in the United States, is expanding its operations into the European Union. As a result, they are now subject to the General Data Protection Regulation (GDPR). Concurrently, the company is implementing ISO 27701:2019 to establish a Privacy Information Management System (PIMS). CEO, Anya Sharma, tasks her compliance team with ensuring both GDPR compliance and effective utilization of ISO 27701. The team lead, Ben Carter, proposes several approaches. Considering that GDPR is a legal requirement and ISO 27701 is a standard providing a framework for PIMS, which of the following actions represents the MOST effective strategy for Innovate Solutions to ensure compliance and leverage the benefits of ISO 27701 in this transition?

Accepted Answer

Use ISO 27701 as a framework to guide the implementation of GDPR requirements, ensuring all necessary legal obligations are met and documented within the PIMS.

Question 29

Innovate Solutions, a software development company certified to ISO 27001, is developing a new health-tracking application and is now integrating ISO 27701:2019 to manage privacy information. The application will collect sensitive personal data, including heart rate, sleep patterns, and activity levels. During the initial project planning, the project manager, Anya Sharma, recognizes the need to address privacy concerns proactively. Considering the principles of privacy by design and by default, and the requirements of ISO 27701:2019, which of the following actions should Anya prioritize to ensure compliance and effectively manage privacy risks associated with the new application? The company is based in the EU and therefore subject to GDPR. The application will be used globally.

Accepted Answer

Conduct a comprehensive Data Protection Impact Assessment (DPIA) early in the project lifecycle, specifically addressing risks to individuals' privacy, and implement measures to mitigate those risks, ensuring the application is designed with privacy as a fundamental principle from the outset, including procedures for handling data subject rights requests.

Question 30

EcoSolutions, a multinational corporation specializing in renewable energy solutions, is implementing ISO 27701:2019 to enhance its privacy management practices. As part of the initial phase, the newly appointed PIMS Manager, Anya Sharma, is tasked with defining the scope of the PIMS. EcoSolutions operates in various countries with differing data protection regulations, including GDPR in Europe, CCPA in California, and LGPD in Brazil. The company processes personal data related to its employees, customers, and research participants. EcoSolutions faces internal challenges such as limited awareness of privacy regulations among its staff and a decentralized IT infrastructure. Externally, the company is subject to increasing scrutiny from environmental advocacy groups regarding the use of personal data in its marketing campaigns. Anya must define the scope of the PIMS, considering these internal and external factors, and stakeholder needs. Which of the following approaches would be most effective for Anya to define the scope of the PIMS?

Accepted Answer

Conduct a comprehensive analysis of internal organizational structure, relevant data protection laws (GDPR, CCPA, LGPD), stakeholder expectations, and existing IT infrastructure to determine the boundaries and applicability of the PIMS.

ISO 20000-1:2018 Transition Free Practice Test — 30 Questions

A lot more is already mapped out

About the ISO 20000-1:2018 Transition Certification