ISO/IEC 27701 is the standard for a Privacy Information Management System (PIMS): it specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a PIMS.
This standard is a privacy extension to the renowned ISO/IEC 27001 Information Security Management System (ISMS) standard, which forms the foundation for information security. ISO/IEC 27701 builds on that foundation to provide a comprehensive set of controls for security and the protection of personal information. As an extension, ISO/IEC 27701 must be implemented alongside an existing ISO/IEC 27001 system or in conjunction with a new ISO/IEC 27001 system.
Why ISO/IEC 27701?
The standard focuses on ‘privacy information management’ and how companies deal with the processing of personal information. For example, you do not want other people or businesses to use your personal information without your permission; this means limiting access to your personal information and keeping it confidential. Having confidence in a business is crucial, and a company that applies a PIMS will gain a good reputation for information security.
ISO/IEC 27701 sets the standard of responsibility for businesses to protect personally identifiable information (PII). The processing of personal information is covered by various legal and regulatory requirements globally. ISO/IEC 27701 can go some way towards demonstrating compliance with privacy regulations worldwide, including the General Data Protection Regulation (EU) 2016/679 (GDPR).
Extension to ISO/IEC 27001:
Additional controls are required over and above those listed in the ISO/IEC 27001:2013 standard, specifically concerning Clause 4 (Context of the Organisation) and Clause 6 (Planning). There are also additional requirements over and above those listed in Annex A of ISO/IEC 27001:2013 (taken from ISO/IEC 27002:2013); these cover every clause except A.17 (Information Security Aspects of Business Continuity Management).
Whether the company is a data controller or a data processor determines the number of additional controls required over and above ISO/IEC 27001, as detailed in ISO/IEC 27701:2019.
ISO/IEC 27701 Business Benefits
Almost every business holds PII (personally identifiable information); therefore, any company that processes personal information could benefit from an ISO/IEC 27701 Privacy Information Management System, as it is designed to help companies protect and regulate the personal information they hold. The additional benefits of an effective ISO/IEC 27701 PIMS are vast and can be unique to your specific business, but could include:
- Builds trust in managing personal information
- Provides transparency between stakeholders
- Facilitates effective business agreements
- Clarifies roles and responsibilities
- Supports compliance with privacy regulations including GDPR
- Improves staff competence and establishes processes to avoid breaches
- Can be implemented simultaneously with ISO/IEC 27001
Committed to Quality
Implementing ISO/IEC 27701 demonstrates that your business is serious about protecting personal information and accountable for the process. International Standards provide focus and discipline, and externally you will achieve credibility, authority, and recognition.
Increase confidence by establishing a PIMS; call IMSM today for an informal discussion on how your business can obtain ISO/IEC 27701.
For a free Quotation or Remote presentation by an ISO Specialist, contact us today!