ISO 27701 Privacy Information Management

What is ISO 27701?

This is a newly established standard to help organisations implement and develop an Information Security around Personally Identifiable Information (PII). It is intended to be used in conjunction with ISO 27001 to specifically address security controls around PII, both for Data Controllers and Processers. This standard provides an additional set of controls to be followed by Data Controllers and Data Processors.

We have ISO 27001, why do we need ISO27701?

To enhance your existing management system established under ISO 27001 is clearly a choice based upon business and customer needs. Whilst ISO 27001 is an excellent standard to prove compliance to information security best practices, its controls are fairly generic and by their nature do not focus in any detail on specific aspects of security. ISO 27701 addresses the gap between the existing controls and the requirements of the latest Data Protection and GDPR requirements.

Essentially, it will enable your business to communicate to the world that you have taken PII security to heart and are working best practice controls to reduce and mitigate risks associated with the non-compliance of data protection laws.

Do we need this if we have BS 10012?

If you already have certification to BS 10012 consideration should be given to transitioning your certification to ISO 27701 as the international standard is more aligned to your existing ISO 27001. Our experience has shown that the step between the two standards is very small and the transition is relatively easy if your management system under BS 10012 is healthy.

How we can help:

Conduct a Gap Analysis – To help establish your strengths and weaknesses.

ISO 27701 Consultant – We have a skilled team of consultants to help you implement a Management System. From London to the UAE, we have experience working internationally across many sectors.

Internal Audits – We can help you to plan and conduct Internal Audits to verify your compliance with ISO 27701.

On-Site support – We can provide support during External Audits carried out by Certification Bodies.

Need assistance with ISO 27701, simply Contact Us.

We also have a short podcast episode about ISO 27701 available to watch Here.

Get Supported >

Want more info on ISO 27701 Privacy Information Management?