ISO 27701 PRIVACY INFORMATION MANAGEMENT SYSTEM
HOW WE CAN HELP
We can guide you through every step of the implementation process, ensuring certification.
We can draft any document you may need such as the Scope, Policies, Procedures, Statement of Applicability and all other documentation as required.
We can help you proactively manage, monitor and maintain your privacy information management system (PIMS), ensuring consistent conformity with ISO 27701.
We can provide an internal Information Security training programme or Internal Audit Team training.
We can perform a Risk Assessment and create a Risk Treatment Plan.
We can perform an Internal Audit. With our extensive experience of ISO 27701 and the audit process, you can gain the assurance you need to meet your clients' and stakeholders' demands.
Builds trust in managing personal information
Provides transparency between stakeholders
Facilitates effective business agreements
Clarifies roles and responsibilities
Supports compliance with privacy regulations
Reduces complexity by integrating with the leading information security standard ISO/IEC 27001
ISO/IEC 27701 is a potential certification mechanism to demonstrate compliance with GDPR.
ISO/IEC 27701 addresses GDPR recommendations, and BSI is anticipating that it could be used as the basis of a certification mechanism (as stipulated by GDPR Article 42).
If used in such a way, it would provide the necessary proof that your organization treats the personal information of its customers in compliance with the law, including in the case of cross-border data flows.
ISO/IEC 27701 is applicable to organizations of all sizes and cultural environments. It covers the collection and processing of PII of both employees and customers.
The set of controls being developed extends technical measures for implementing information security to also address privacy requirements and, if implemented by an organization, can assist in demonstrating compliance with data privacy laws such as GDPR.