PRIVACY MATTERS: Managing Personal Information with ISO/IEC 27701

BSI have recently published a whitepaper introducing ISO 27701.

'This new international standard is officially called ISO/IEC 27701 (Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines).

As many organizations have implemented an Information Security Management System (ISMS) based on ISO/IEC 27001 and using the guidance from ISO/IEC 27002, it’s a natural step to provide guidance for the protection of privacy that builds on this strong foundation.

ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 and ISO/IEC 27002 and provides additional guidance for the protection of privacy, which is potentially affected by the collection and processing of personal information.

The design goal is to enhance the existing ISMS with additional requirements in order to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS).

The standard outlines a framework for personally identifiable information (PII) controllers and PII processors to manage privacy controls so that risk to individual privacy rights is reduced.

These additional requirements and guidance are written in such a way that they are practical and usable by organizations of all sizes and cultural environments.' *

If you have any questions regarding ISO 27701, please contact us.

* BSI whitepaper


© 2020 by AKRUP