ISO 27701 Implementation
Personal Information Management System
ISO 27701 is the international standard for the management of personal data.
This standard requires the development and management of a Personal Information Management System (PIMS).
- Certified Implementor
- Experienced in ISO 27001
- Data Privacy Certification
- Meet GDPR Requirements
- Low Cost Compliance
- Strong Commercial Benefits
We have a skilled and experienced team of professionals that can fast-track your data privacy certification.

What are the benefits of ISO 27701?
The major benefit of certification in ISO 27701 is that it is the only internationally recognised certification in data privacy management. At this point, there is no certification for being GDPR compliant. However, with this standard in place, an organisation can state that it complies with not only the ISO requirements, but also data protection legislation such as GDPR, HIPAA and CCPA.
There are obvious commercial benefits to becoming ISO 27701 certified. These relate to the competitive edge that can be obtained by having this certification in procurement and bid tendering scenarios.
What is involved?
This certification is an add-on to ISO 27001 (the international standard for information security).
Therefore, you have to have an existing ISO 27001 certification, or you can add this onto a new ISO 27001 certification.
There are 49 controls in addition to those required by ISO 27001. These are focused on the development and management of personal data.
What do we do to implement ISO 27701?
We review your current status and assess the time, effort and tooling required to achieve the standard.
This usually takes between one and two days to complete.
We produce a detailed project plan that outlines the control implementation requirements.
This includes the development of new documentation, amendments to existing documentation and changes to working practices.
Our skilled and experienced team work with you to implement the required additional controls and amend the existing controls for ISO 27001.
This involves a number of meetings to develop the documentation, along with regular catch-up meetings to discuss the change management activities that are required.
Once the implementation has been completed, we will plan and undertake an internal audit of the new controls for ISO 27701 and the amended controls for ISO 27001.
This typically takes two days and we then document our findings in a fully detailed audit report.
We will state where we have found any non-conformities and observations and then suggest options for improvement.
We will also make recommendations on how to address the actions needed prior to certification.
We support our clients through the certification.
An external organisation will have to certify the standard and we will be on hand to support you through the certification audit.


What is required for certification?
Know Your Processing
All organisations need to have reviewed and recorded what personal data they process as a Data Controller and as a Data Processor.
Adhere To The Principles
Adherence to the basic principles of data protection is very important in ISO 27701. This has to be reflected in the Privacy Management System.
Implement Privacy Controls
The privacy controls sit alongside your information security controls and are focused on the protection of personal data.
Continual Improvement
There must be evidence of how the organisation will improve the management of the security of personal data.