What is it?
This standard is essential for organisations worldwide that are responsible for Personally Identifiable Information and Personal Data. It provides a framework for how to manage and process data and safeguard privacy. ISO 27701 extends an already implemented, ISO 27001 certified information security management system to address privacy requirements and to put in place the systems and infrastructure that support compliance with legislation, including GDPR.
Implementing a Privacy Information Management System (PIMS) in compliance with the requirements of ISO 27701 will enable organisations to assess, respond to and reduce the risks associated with the collection, maintenance and processing of personal information.
Certification to ISO 27701 does not confirm legal compliance with GDPR; however, it provides a valuable framework for any company to support its compliance efforts and its demonstration of accountability.
Difference between ISO 27001 and ISO 27701
ISO 27701 is set to be the go-to standard for compliance with GDPR regulations, in the same way that ISO 27001 is considered the ‘gold standard’ for information security management.
It aligns with GDPR but also allows organisations to use the standard to incorporate other privacy laws, regulations and requirements. This makes it an excellent choice for organisations of all industries and sizes looking to demonstrate their compliance with the ‘accountability’ principle of GDPR.
How to get certified?
If you already have accredited certification to ISO 27001 you will find applying the information risk management principles to personal information fairly straightforward.
The standard requires that organisations certified to ISO 27001 include privacy management; this means reviewing the organisation’s contextual analysis, risk assessment and control environment to ensure that privacy management is incorporated.
The privacy information management system then needs to be documented. Organisations that are less confident in their GDPR compliance will find ISO 27701 particularly helpful as it provides specific recommendations for actions to comply with the regulation.
We can assess your compliance with ISO 27701 as an addition to your ISO 27001 assessment. We will ensure our approach follows the same method as the standard – looking at one system supporting both information security and personal information management.