ISO/IEC 27701:2019 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO 27001 and ISO 27002 for privacy management within the context of the organization. This standard specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.
As with the most of management system standards, ISO 27701 also follows the high-level structure (HLS) developed by ISO. The HLS structure defines the common terminology and definitions used, as well as the clause sequence (1 to 10), where the requirements for the PIMS are set out in clauses 4 to 10. The HLS enables organizations to integrate various management systems.
ISO 27701 is only available as an add-on to ISO 27001 certification and cannot be obtained as a standalone certificate. ISO 27701 certification is a third-party audit performed by a certification body such as MSECB who, upon verification that an organization is in compliance with these requirements will issue a certificate. This certification is then maintained through regularly scheduled annual surveillance audits by the registrar, with re-certification of the Information Security Management System performed on a triennial basis.
Benefits of ISO 27701
ISO 27701 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.
INTI.Q mission is to provide our clients comprehensive services that inspire trust, continual improvement, demonstrate recognition, and benefit society as a whole. To find out how you can obtain the ISO 27701 Certification, contact info@intiq.biz