ISO/IEC 27701 – Privacy Information
ISO/IEC 27701 is a Privacy Information Management System (PIMS), outlining requirements and providing guidance for establishing, implementing, maintaining, and continually improving a privacy information management system.
This new standard is a privacy extension to the renowned ISO/IEC 27001 information security management system, forming the foundation for information security. ISO/IEC 27701 builds further on that foundation to provide a comprehensive set of controls for security and the protection of personal information. As an extension, ISO/IEC 27701 must be implemented alongside an existing ISO/IEC 27001 system or in conjunction with a new ISO/IEC 27001 system.
Why should I choose ISO/IEC 27701 certification?
The standard focuses on ‘privacy information management’ and how companies deal with the processing of personal information. For example, you do not want other people or businesses to use your personal information without your permission; this means limiting access to your personal information and keeping it confidential. Having confidence in a business is crucial, and a company that applies a PIMS will gain a good reputation for information security.
ISO/IEC 27701 sets the standard of responsibility for businesses to protect Personally Identifiable Information (PII). The processing of personal information is covered by various legal and regulatory requirements globally. ISO/IEC 27701 can go some way towards demonstrating compliance with privacy regulations worldwide, including the General Data Protection Regulation (EU) 2016/679 (GDPR).
What are the benefits to ISO/IEC 27701?
Almost every business holds PII (personally identifiable information) therefore, any company that processes personal information could benefit from an ISO/IEC 27701 Privacy Information Management System, as it’s designed to help companies protect and regulate the personal information they hold. Additional benefits of an effective ISO/IEC 27701 are vast and can be unique to your specific business, but could include:
- Builds trust in managing personal information
- Provides transparency between stakeholders
- Facilitates effective business agreements
- Clarifies roles and responsibilities
- Supports compliance with privacy regulations including GDPR
- Improves staff competence and establishes processes to avoid breaches
- Can be implemented simultaneously with ISO/IEC 27001
Extension to ISO/IEC 27001
Additional controls are required over and above those listed in the ISO/IEC 27001 standard, specifically concerning clause 4 context of the organisation and clause 6 planning. There are also additional requirements over and above those listed in Annex A of ISO/IEC 27001 (taken from ISO/IEC 27002) and cover every clause except A17 Information Security Aspects of business continuity management.
Dependent on whether the company is a data controller or data processor would determine the number of additional controls required over and above the requirements detailed in ISO/IEC 27701.
Simple: we make it simple. We have been helping businesses achieve ISO certification since 1995 and have over 150 expert auditors operating around the world. With 15,000+ clients that have trusted us to implement ISOs, we are the experts and will do the heavy lifting, saving your company precious time. With a transparent fixed fee and flexible approach, we work with your business to make the process of gaining ISO/IEC 27701 as straightforward and beneficial as possible.
We strive to do this with our:
• World-class gap analysis
• Experienced and diverse ISO consultants
• Flexible terms and contract
• Fixed fee
• Full implementation
How can ISO specialists help your business?
Getting started with ISO/IEC 27701 certification can seem like a daunting process, which is why many businesses choose to use the help of an ISO consultant. We support and guide your business through certification. Our experienced assessors take the lead on auditing your business, helping you use the results to improve your quality management system. If necessary, there is also plenty of room for training.
ISO/IEC 27701 Blogs
Take a look at our most recent blogs relating to ISO/IEC 27701
What is ISO/IEC 27701, and do I need a privacy extension?
As the digital world transforms before our eyes, so are the ways companies are operating and conducting business.
For a free quotation or remote presentation by an ISO specialist, contact us today.
IMSM Ltd Head Office
The Gig House