ISO 27701 Implementation
ISO 27701: Introducing a Privacy Extension to Your Organisation’s Information Security Management System
ISO 27701 is an international standard that provides guidance and sets out requirements for protecting the privacy of personally identifiable information (PII), for organisations acting as controllers and as processors. It is the privacy extension to ISO/IEC 27001 (Information Security Management) and ISO/IEC 27002 (Security Controls).
The standard is designed so that an organisation can align or integrate its Privacy Information Management System (PIMS) with the management system standards it already complies with. In practice these are ISO 27001 and ISO 27002, applied within the context of the organisation, so that the approach to adopting best practices for information management is harmonised across security and privacy.
The scope is not limited to organisations acting as controller or processor: it covers organisations of all types and sizes, public and private, government entities and non-profit organisations alike, as long as they process PII within an ISMS.
Keep in mind that a stand-alone ISO 27701 certification is not possible, because the standard builds on the requirements, objectives and controls of ISO 27001. You must either already hold ISO 27001 certification, or pursue certification for ISO 27001 and ISO 27701 together.
How can your organisation benefit from ISO 27701?
A major benefit of certification is international recognition. Because your practices are demonstrably aligned with a certified international standard for a PIMS, you can grow your operations across the world while maintaining your organisation's reputation. Note that if your organisation already complies with ISO 27001, ISO 27701 can be added on top of that existing certification framework rather than built from scratch.
Another benefit is easier global privacy compliance. The standard was written with legal and regulatory requirements in mind: not only the GDPR, but also data protection legislation from jurisdictions such as Canada, California, Australia and Brazil. This is why ISO 27701 has become a global reference. In particular, the standard maps its controls to GDPR requirements, so that organisations can show how they comply with the regulation, demonstrate accountability in how they manage PII, and build trust and confidence with their stakeholders.
Last but not least, the standard helps to identify and mitigate risks. When you, as an organisation, process (sensitive) personal information about individuals, such as names and addresses or healthcare information, privacy and information security risks arise. A PIMS standard helps to mitigate those risks by setting clear requirements for the actions you should take and for how you should protect your assets and the personal data you hold.
CRANIUM Services are recognised by the Flanders Innovation & Entrepreneurship agency. This means that, as an SME, you can use the 'SME Portfolio' to fund our services.
Do you want more information?
Would you like more information on our privacy solutions, a quote, or a no-obligation conversation about your needs?
Reach out through the form below or give us a call: +32 2 310 39 63.