ISO 27701 - Privacy Information Management


ISO 27701 expands on ISO 27001/27002 and specifies requirements regarding Privacy Information Management Systems (PIMS).



What is ISO 27701?

ISO 27701 focuses on the requirements placed on PII controllers and PII processors through the controls it defines. Applying this standard lessens workloads by reducing the need for multiple certifications, whilst helping organisations comply with global privacy laws.

This standard also provides guidance for organisations establishing, implementing, maintaining and improving their Privacy Information Management System (PIMS).

Once certified, organisations can proudly promote themselves as certificate holders in any of their promotional materials and can include the URS certification logo free of charge.


Who requires an ISO 27701 certification?

Any organisation that collects, stores or processes personally identifiable information (PII) should consider becoming certified for ISO 27701. Applicable sectors include:


  • Public/private companies

  • Government divisions

  • Non-profit organisations

How can ISO 27701 benefit your business?

Becoming certified for ISO 27701 can bring a wide range of benefits to your organisation, including:


  • Mitigating risks

  • Raising awareness of your employees

  • Enhancing customers' trust in your organisation

  • Creating a structured process for managing personal data privacy

How can you prepare for an ISO 27701 Certification?

Although the thought of starting the certification process may seem daunting, there are a variety of steps you can take to make the process of becoming certified far more streamlined:


  • Familiarise yourself with the ISO 27701 standard

  • Conduct a privacy risk assessment

  • Implement privacy controls

  • Carry out a gap analysis to highlight areas for improvement

What are the key requirements of ISO 27701?

When working towards becoming certified for ISO 27701, there are various areas that will be a focus during the audit. These areas include:


  • Data protection controls

  • Incident response

  • Privacy policy development

  • Training and awareness

What clauses make up the structure of ISO 27701?


Clauses 1-4 – Introductory clauses:

The first four clauses in ISO 27701 introduce the scope and application of the standard, and highlight the additional standards that are referenced throughout.

Clause 3 in particular plays an important part in defining technical terms that are used in the standard, whilst clause 4 introduces the structure of the document and summarises what is included in each of the standard’s clauses.


Clause 5 – PIMS-specific requirements related to ISO/IEC 27001:

Clause 5 provides PIMS-specific requirements that build upon the information security requirements set out in ISO/IEC 27001. These additional points of guidance cover the context of the organisation and the means of determining the scope of the ISMS.


Clause 6 – PIMS-specific guidance related to ISO/IEC 27002:

Clause 6 provides PIMS-specific guidance that builds upon the information security controls set out in ISO/IEC 27002, extending those controls with the privacy considerations a PIMS must address.


Clause 7 - Additional ISO/IEC 27002 guidance for PII controllers:

Clause 7 provides further ISO/IEC 27002 requirements for PII controllers and expands the subclauses regarding collection and processing, obtaining and recording consent, and privacy impact assessments.


Clause 8 – Additional ISO/IEC 27002 guidance for PII processors:

Clause 8 focuses on the additional scheme-specific requirements for PII processors that have been introduced alongside ISO/IEC 27002. These requirements cover collection and processing, customer agreements, and marketing and advertising.


How long will your ISO 27701 certificate be valid for?

Your ISO 27701 certificate will be valid for at least three years, depending on the type of site being certified.


Ready to get started? Apply using the quotation link below.

