Privacy Information Management System
ISO 27701 (ISO/IEC 27701) is a Privacy Information Management System (PIMS) standard that is designed to help organisations comply with privacy laws around the world. In recent years, new data protection laws have been introduced in multiple countries that establish requirements for securing and processing Personally Identifiable Information (PII). However, it is not always clear how organisations should comply with these laws. ISO 27701 was introduced in 2019 and provides actionable guidance to help organisations conform to these varied regulations.
ISO/IEC 27701:2019 is an extension of ISO/IEC 27001, the information security management system (ISMS) standard. Where ISO/IEC 27001 sets a standard for secure IT governance in the broadest sense, ISO/IEC 27701 focuses specifically on protecting personal data.
ISO/IEC 27701 is the first standard of its type in the world and is applicable to public and private companies, government entities and not-for-profit organisations. It supports compliance with the EU’s GDPR, but is also applicable to personal data governance laws in all other geographies.
Following several high-profile data breaches, national governments and organisations like the EU have introduced strict new laws around private data protection. These data protection laws aim to protect the PII of citizens, such as their names, addresses, age, bank account details and more.
However, understanding how to apply these regulations to your organisation’s ISMS can be very challenging. Furthermore, for organisations that process customer and employee data in multiple jurisdictions, ensuring compliance with several countries’ data governance laws is complex and time-consuming. ISO/IEC 27701 supports you by providing a standardised way of complying with all these laws.
Benefits of ISO 27701 certification include:
TÜV SÜD’s experienced ISMS teams possess the accreditation and expertise to conduct ISO/IEC 27001 and ISO/IEC 27701 audits across industries. Through our worldwide network of IT governance professionals, we can provide information security certification services no matter where you are. We have an in-depth understanding of the standard and have extensive experience helping organisations implement this kind of IT governance regulation.
Furthermore, TÜV SÜD’s experts actively participate in international standardisation committees and we have a complete understanding of the latest PII regulatory developments around the world. And because we are vendor agnostic, our third-party audits are both impartial and independent, meaning your organisation gains valuable insights from an unbiased expert.
TÜV SÜD has developed an efficient five-step process to support your ISO/IEC 27701 certification:
Complying with new privacy regulations such as the EU’s GDPR, California’s Consumer Privacy Act, India’s Personal Data Protection Bill or Brazil’s General Data Protection Law can be very challenging. However, by becoming ISO/IEC 27701 certified, your organisation can indicate compliance with all these (and similar) requirements.
To find out more about the standard or to begin the ISO/IEC 27701 certification process, contact us today.
ISO 27001 defines a framework for Information Security Management Systems (ISMS) that protects the confidentiality of information. ISO 27701 is an extension of the ISO/IEC 27001 standard and sets out requirements that support compliance with the General Data Protection Regulation (GDPR). ISO 27701 focuses on privacy and defines a framework for a Privacy Information Management System (PIMS). It addresses privacy management for both controllers and processors of personally identifiable information.
Yes, ISO 27701 certification can be achieved by any organisation regardless of its size, sector or ownership. Government, private and non-profit organisations can all become ISO 27701 certified. It serves as a valuable framework for organisations to comply with privacy legislation.
No. ISO/IEC 27001 is a prerequisite for ISO 27701, because ISO 27701 is an extension of the ISO 27001 standard.
The 114 security controls referenced by ISO 27701 are those of Annex A of ISO 27001. ISO 27701 also defines guidelines for implementing these controls in a privacy context, and it includes mappings to:
○ ISO 29100 (Information technology – Security techniques – Privacy framework);
○ ISO 29151 (Information technology – Security techniques – Code of practice for personally identifiable information protection); and
○ ISO 27018 (Information technology – Security techniques – Code of practice to protect personally identifiable information (PII) in public clouds acting as PII processors).
The ISO 27701 standard focuses on the protection of Personally Identifiable Information (PII). The PIMS definition allows organisations to comply with privacy regulations around the world.
There are five simple steps to your ISO 27701 certification with TÜV SÜD. They are:
○ Readiness audit: TÜV SÜD evaluates your documentation and company records.
○ On-site audit: TÜV SÜD reviews the compliance of your actual activities and company records with the ISO 27701 requirements.
○ Close the gap: Your organisation identifies and implements measures to correct the root cause of any non-conformances identified by the audit.
○ Certification issuance: TÜV SÜD issues the ISO 27701 certificate and certification mark.
○ Surveillance audits: Annual audits are required to maintain the validity of the certification.
The ISO 27701 standard provides a way to demonstrate compliance with data privacy requirements. Any business dealing with Personally Identifiable Information (PII) can benefit from an ISO 27701 PIMS (Privacy Information Management System) certification. The ISO 27701 audit offers a global, risk-based approach to privacy protection as a part of information security. The size and type of the company do not change the relevance of the certification.
The ISO 27701 PIMS certification overlaps with GDPR. The certification can help businesses demonstrate to customers, outside organisations and internal stakeholders that the company has ISMS safeguards in place to protect data and comply with GDPR. An organisation can adapt the ISO 27701 operational checklists to demonstrate effective compliance with GDPR.