What is ISO 27701?
ISO 27701 is an international standard that gives guidance on the protection of privacy.
It is implemented as an extension to ISO 27001, the international standard for information security, by providing additional privacy controls and clause requirements within your ISMS framework.
The standard also lists applicable controls for both PII Controllers and PII Processors. Organisations can be both a controller and a processor of PII.
Applying the additional controls of ISO 27701 can help your organisation create a Privacy Information Management System (PIMS).
ISO 27701 can be certified by some ISO certification bodies as an extension to the scope of your ISO 27001 management system.
What are the Benefits of ISO 27701?
Since the General Data Protection Regulation and the revised Data Protection Act 2018, the focus on protecting the privacy of personally identifiable information (PII) has increased dramatically, with potential fines higher than ever.
Companies that store or process PII need to demonstrate compliance with privacy laws wherever they operate, and this international standard can be used to apply additional controls within your established ISMS framework.
Don’t have an Information Security Management System already?
Take a look at our ISO 27001 to get started.
Other benefits of ISO 27701 include:
- Assisting with your GDPR and Data Protection Act Compliance,
- Assisting with compliance to other Privacy Legislation around the World,
- Building trust with the data subjects whose information you handle,
- Publicly demonstrating your commitment to privacy protection through independent certification.
Our ISO 27701 Consultants can Help
Our ISO 27701 consultants are experienced in information security management and GDPR compliance. We can help you extend your existing ISMS to include the additional privacy controls of ISO 27701, and embed the requirements within your business processes.
Not Sure Where to Start?
A Gap Analysis will review your existing arrangements against ISO 27701 and produce a report which can be used to drive a project plan to fully meet the requirements.
Contact us for more information.
Other Extensions for ISO 27001
There are several other extensions to the ISO 27001 standard including: