ISO 27701 Privacy Information Management

What is ISO 27701?

This is a newly established standard to help organisations implement and develop an Information Security around Personally Identifiable Information (PII). It is intended to be used in conjunction with ISO 27001 to specifically address security controls around PII, both for Data Controllers and processors. This standard provides an additional set of controls to be followed by Data Controllers and Data Processors.

We have ISO 27001, why do we need ISO27701?

Enhancing your existing management system established under ISO 27001 is clearly a choice based on business and customer needs. Whilst ISO 27001 is an excellent standard to prove compliance to information security best practices, its controls are fairly generic and by their nature do not focus in any detail on specific aspects of security. ISO 27701 addresses the gap between the existing controls and the requirements of the latest Data Protection and GDPR requirements.

Essentially, it will enable your business to communicate to the world that you have taken PII security to heart and are working on best practice controls to reduce and mitigate risks associated with non-compliance with data protection laws.

Do we need this if we have BS 10012?

If you already have certification to BS 10012 consideration should be given to transitioning your certification to ISO 27701 as the international standard is more aligned to your existing ISO 27001. Our experience has shown that the step between the two standards is very small and the transition is relatively easy if your management system under BS 10012 is healthy.

How we can help:

Blackmores specialise in helping you to implement and maintain your ISO 27701 Privacy Information Management System across London, Hertfordshire and Bedfordshire, and UK-wide. We can also assist with international locations, having experience of working in 27 other countries.

Conduct a Gap Analysis – To help establish your strengths and weaknesses.

ISO 27701 Consultant – We have a skilled team of consultants to help you implement a Management System. From London to the UAE, we have experience working internationally across many sectors.

Internal Audits – We can help you to plan and conduct Internal Audits to verify your compliance with ISO 27701.

On-Site Support – We can provide support during External Audits carried out by Certification Bodies.

Request a quote for Certification – We can send a request for a quote to 3 UKAS certified Certification Bodies on your behalf. This is done free of charge on request.

Need assistance with ISO 27701, simply Contact Us.

We also have a short podcast episode about ISO 27701 available to watch Here.

Get Supported >

Want more info on ISO 27701 Privacy Information Management?