ISO 27701 Privacy Information Management System

This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) as an extension of ISO / IEC 27001 and ISO / IEC 27002 for privacy management within the organization.

This document specifies PIMS-related requirements and provides guidance for PII controllers and PII processors that hold responsibility and accountability for PII processing.
It applies to organizations of all types and sizes, including PII controllers and / or PII processors that process PII within an ISMS, including public and private companies, government agencies, and non-profit organizations.

What is ISO 27701?

ISO / IEC 27701: 2019 is a privacy extension of the international information security management standard ISO / IEC 27001 (ISO / IEC 27701 Security techniques - Extension to ISO / IEC 27001 and ISO / IEC 27002 for privacy information management - Requirements and guidelines).

ISO 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a PIMS (privacy information management system).
ISO 27701 builds on the requirements, control objectives and controls of ISO 27001 and adds a set of privacy-specific requirements, controls and control objectives.

Why was ISO 27701 developed?

Both the EU GDPR (General Data Protection Regulation) and the British DPA (Data Protection Act) 2018 require organizations to take measures to ensure the confidentiality of the personal data they process.
However, neither regulation provides much guidance on what those measures should look like.

ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) therefore developed this new standard to provide that guidance.
The standard sets out requirements within the framework of GDPR and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) as an extension of ISO / IEC 27001 and ISO / IEC 27002. It also specifies PIMS-related requirements and provides guidance for PII controllers and PII processors that hold responsibility and accountability for PII processing. It applies to organizations of all types and sizes, including PII controllers and / or PII processors that process PII within an ISMS, including public and private companies, government agencies, and non-profit organizations.

Benefits of ISO / IEC 27701:

  • Provides confidence in the management of personal information
  • Provides transparency among stakeholders
  • Facilitates effective business contracts
  • Clarifies roles and responsibilities
  • Supports compliance with privacy regulations
  • Integrates with leading information security standard ISO / IEC 27001, reducing complexity

Content of the standard

Like the sector-specific variants of ISO / IEC 27001, the roughly 70-page standard focuses on the PIMS-related additions to and modifications of the clauses of ISO / IEC 27001 and ISO / IEC 27002.

For example:
“ISO / IEC 27001: 2013, 6.1.3 c) has been revised as follows:
The controls set out in ISO / IEC 27001: 2013, 6.1.3 b) will be compared with those of ISO / IEC 27001: 2013, Annex A and / or Annex B of this document to verify that the required controls are not skipped.

In order to eliminate risks, when assessing the applicability of control objectives and controls in Annex A of ISO / IEC 27001: 2013, control objectives and controls will be considered in the context of both information security risks and risks associated with the processing of PII, including risks for PII managers.”

By extending an existing Information Security Management System, this reduces privacy risks to individuals and organizations.

This standard is a great way to show clients, external stakeholders and internal stakeholders that effective systems exist to support compliance with GDPR and other relevant privacy legislation.

Organizations wishing to obtain ISO 27701 certification to comply with GDPR will either need to hold an existing ISO 27001 certificate or apply for ISO 27001 and ISO 27701 together in a single combined audit. ISO 27701 is a natural extension of the requirements and guidance set out in ISO 27001.

The ISO 27001 standard provides a framework for an Information Security Management System (ISMS) that ensures ongoing legal compliance as well as the confidentiality, integrity and availability of information. More than 60,000 organizations worldwide have been certified to ISO 27001 to date, and certification has proven to be an important part of protecting an organization's most vital assets.

Where the system and technical requirements of a privacy information management system conflict significantly with those of an information security management system, adopting ISO 27001 and ISO 27701 together becomes challenging.

CERTIFICATION PROCESS

First Evaluation

First, it is determined whether the organization meets the mandatory requirements of the standard and whether it can proceed to the next stage.

Preparation of Documents

It is checked whether the necessary procedures and internal audits have been developed, and your organization's readiness for the evaluation is reviewed.

Issue of Document

The findings from the first two stages are evaluated and, once all corrective actions have been reviewed, preparation of the document begins.

Contact Us

To make an appointment, obtain more detailed information or request an evaluation, you can fill in our form and ask us to contact you.

© Copyright 2018 EUROLAB Laboratory Inc. All rights reserved.