Adding value with our service portfolio
ISO 27701 (ISO/IEC 27701) is a Privacy Information Management System (PIMS) standard designed to help organisations comply with privacy laws around the world. In recent years, new data protection laws have been introduced in multiple countries that establish requirements for securing and processing Personally Identifiable Information (PII). However, it is not always clear how organisations should comply with these laws. ISO 27701 was introduced in 2019 and provides actionable guidance to help organisations conform to these varied regulations.
ISO/IEC 27701:2019 is an extension of ISO/IEC 27001, the information security management system (ISMS) standard. Where ISO/IEC 27001 sets a standard for secure IT governance in the broadest sense, ISO/IEC 27701 focuses specifically on protecting personal data.
ISO/IEC 27701 is the first standard of its type in the world and is applicable to public and private companies, government entities and not-for-profit organisations. It supports compliance with the EU’s GDPR, but is also applicable to personal data governance laws in all other geographies.
Following several high-profile data breaches, national governments and organisations like the EU have introduced strict new laws around private data protection. These data protection laws aim to protect the PII of citizens, such as their names, addresses, age, bank account details and more.
However, understanding how to apply these regulations to your organisation’s ISMS can be very challenging. Furthermore, for organisations that process customer and employee data in multiple jurisdictions, ensuring compliance with several countries’ data governance laws is complex and time-consuming. ISO/IEC 27701 supports you by providing a standardised way of complying with all these laws.
Benefits of ISO 27701 certification include:
TÜV SÜD’s experienced ISMS teams possess the accreditation and expertise to conduct ISO/IEC 27001 and ISO/IEC 27701 audits across industries. Through our worldwide network of IT governance professionals, we can provide information security certification services no matter where you are. We have an in-depth understanding of the standard and have extensive experience helping organisations implement this kind of IT governance regulation.
Furthermore, TÜV SÜD’s experts actively participate in international standardisation committees and we have a complete understanding of the latest PII regulatory developments around the world. And because we are vendor agnostic, our third-party audits are both impartial and independent, meaning your organisation gains valuable insights from an unbiased expert.
TÜV SÜD has developed an efficient five-step process to support your ISO/IEC 27701 certification:
Complying with new privacy regulations such as the EU’s GDPR, California’s Consumer Privacy Act, India’s Personal Data Protection Bill or Brazil’s General Data Protection Law can be very challenging. However, by becoming ISO/IEC 27701 certified, your organisation can indicate compliance with all these (and similar) requirements.
To find out more about the standard or to begin the ISO/IEC 27701 certification process, contact us today.
No, ISO 27701 does not address GDPR, but it can help any organisation prepare for future GDPR compliance. Together, ISO 27001 and ISO 27701 provide organisations with a way to strengthen their information security management systems and achieve privacy standard certification. While ISO 27001 and ISO 27701 provide a strong foundation for organisations attempting to comply with GDPR requirements, they do not address every aspect of the regulation.
There are three steps to obtaining ISO 27701 certification:
1. You must first hire a qualified certification body to conduct an audit of your company.
2. An assessor will thoroughly audit your organisation once you've accepted the proposal. During the initial certification audit, the assessor is required to make a mandatory on-site visit. They'll check whether a fully operational personal information management system has been implemented.
3. The certification body will determine whether your organisation has fulfilled the requirements after the assessor has finished the audit. If the result is favourable, they will issue you a certificate confirming that your business complies with the requirements of the ISO 27701 standard. The certification is valid for the following three years or until your ISO 27001 certificate expires, whichever occurs first.
If your company does not yet have ISO 27001 certification, you must obtain it first or simultaneously pursue ISO 27001 and ISO 27701 certifications.
ISO 27701 PIMS (ISO/IEC 27701) is a Privacy Information Management System (PIMS) standard designed to help organisations comply with privacy laws around the world.
Most small to mid-sized companies can implement an ISO 27701 PIMS within 6-12 months, depending on the size and complexity of the management system. The process is much less tedious when you approach an ISO 27701 expert. ISO 27701 certification in India can be easily achieved through TÜV SÜD.
ISO/IEC 27701:2019 is an extension of ISO/IEC 27001, the information security management system (ISMS) standard. Where ISO/IEC 27001 sets a standard for secure IT governance in the broadest sense, ISO/IEC 27701 certification focuses specifically on protecting personal data.
The ISO 27701 standard includes the 114 security controls from Annex A of ISO/IEC 27001 as well as the ISO/IEC 27002 implementation guidance. However, ISO/IEC 27701 also contains particular security measures that relate specifically to personally identifiable information, divided into two categories according to whether the organisation is acting as a PII controller or a PII processor.