GDPR compliance

ISO 27701

ISO 27701:2019 Security Techniques is the Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management (also Personal Information Management).

ISO 27701: Data Compliance Management System Supporting GDPR Compliance

What is ISO 27701?

ISO/IEC 27701:2019 is a data privacy extension to ISO 27001. This newly published information security standard provides guidance for organizations looking to put in place systems that support compliance with GDPR and other data privacy requirements. ISO 27701, also referred to as PIMS (Privacy Information Management System), outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. Privacy information management systems are sometimes referred to as personal information management systems.

This reduces risk to the privacy rights of individuals and to the organization by enhancing an existing Information Security Management System.

This standard is a great way of demonstrating to customers, external stakeholders and internal stakeholders that effective systems are in place to support compliance with GDPR and other related privacy legislation.

Organizations looking to get certified to ISO 27701 in order to comply with GDPR will either need to have an existing ISO 27001 certification or implement ISO 27001 and ISO 27701 together as a single implementation audit. ISO 27701 is a natural expansion to the requirements and guidance set out in ISO 27001.

The ISO 27001 standard provides a framework for an Information Security Management System (ISMS) that enables the continued confidentiality, integrity and availability of information as well as legal compliance. More than 60,000 organizations worldwide have certified to date to ISO 27001, proving certification to be an essential part of protecting your most vital assets.

The significant overlap in system and technical requirements between a privacy information management system and an information security management system presents a compelling case to adopt ISO 27001 and ISO 27701 together. This is supported by the international recognition of an ISO standard.


Helps you with

  • GDPR compliance
  • Privacy rights of individuals
  • Continued confidentiality
  • IT governance
  • Data breaches
  • Securing personal information
  • Building customer trust
  • Increasing customer satisfaction
  • Protecting the organization’s reputation

NOTE: We are currently offering certification to this scheme.

STEPS TO CERTIFICATION

  1. Step 1

    Complete a Quote Request Form so that we can understand your company and requirements. You can do this by completing either the online quick quote or the online formal quote request form. We will use this information to accurately define your scope of assessment and provide you with a proposal for certification.

  2. Step 2

    Once you’ve agreed your proposal, we will contact you to book your assessment with an NQA Assessor. This assessment consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been fully operational for a minimum of three months and has been subject to a management review and full cycle of internal audits.

  3. Step 3

    Following a successful two-stage audit, a certification decision is made and, if positive, certification to the required standard is issued by NQA. You will receive both a hard and a soft copy of the certificate. Certification is valid for three years and is maintained through a programme of annual surveillance audits and a three-yearly recertification audit.

Ready to start your journey?

We'll give you a clear indication of the costs of gaining and maintaining certification.
Not ready yet? Call us at (800) 649-5289 or request a call back to discuss your certification requirements.