HOW WE CAN HELP
Implementation
​
We can guide you through every step of the implementation process, ensuring certification.
Document drafting
​
We can draft any document you may need, such as the scope, policies, procedures, statement of applicability, and all other documentation.
Maintenance
​
We can help you proactively manage, monitor and maintain your privacy information management system (PIMS), ensuring consistent conformity with ISO 27701.
Training
​
We can provide an internal Information Security training programme or Internal Audit Team training.
​
Risk management
​
We can perform a Risk Assessment and create a Risk Treatment Plan.
Internal audit
​
We can perform an Internal Audit and as we have extensive experience of ISO 27701 and the audit process, you can gain the assurance you need to ensure you meet your client's and stakeholder's demands.
Builds trust in managing personal information
​
Provides transparency between stakeholders
​
Facilitates effective business agreements
Clarifies roles and responsibilities
​
Supports compliance with privacy regulations
​
Reduces complexity by integrating with the leading information security standard ISO/IEC 27001
​
ISO/IEC 27701 is a potential certification mechanism to demonstrate compliance with GDPR.
​
ISO/IEC 27701 addresses GDPR recommendations, and BSI is anticipating that it could be used as the basis of a certification mechanism (as stipulated by GDPR Article 42).
If used in such a way, it would provide the necessary proof that your organization treats the personal information of its customers in compliance with the law, including for the case of cross-border data flows.
ISO/IEC 27701 is applicable to organizations of all sizes and cultural environments. It is for the collection and processing PII of both employees and customers.
The set of controls being developed extends technical measures for implementing information security to also address privacy requirements and, if implemented by an organization, can assist in demonstrating compliance with data privacy laws such as GDPR.