info@earlycompliance.com
+234 916 415 4000

ISO 27701: Privacy Information

ISO/IEC 27701 is a Privacy Information Management System (PIMS), outlining requirements and providing guidance for establishing, implementing, maintaining, and continually improving a privacy information management system.


This new standard is a privacy extension to the renowned ISO/IEC 27001 information security management system, forming the foundation for information security. ISO/IEC 27701 builds further on that foundation to provide a comprehensive set of controls for security and the protection of personal information. As an extension, ISO/IEC 27701 must be implemented alongside an existing ISO/IEC 27001 system or in conjunction with a new ISO/IEC 27001 system.


    By submitting this form, you understand that EC may contact you by email or phone to discuss your enquiry.


    If you'd also like to receive ISO-news, updates and marketing communication from us, you can let us know below:



    You can unsubscribe anytime. By submitting, you agree to your data being used to handle your enquiry. See our Privacy Policy for details.

    What is ISO 27701?

    The standard focuses on ‘privacy information management’ and how companies deal with the processing of personal information. For example, you do not want other people or businesses to use your personal information without your permission; this means limiting access to your personal information and keeping it confidential. Having confidence in a business is crucial, and a company that applies a PIMS will gain a good reputation for information security. ISO/IEC 27701 sets the standard of responsibility for businesses to protect Personally Identifiable Information (PII). The processing of personal information is covered by various legal and regulatory requirements globally. ISO/IEC 27701 can go some way towards demonstrating compliance with privacy regulations worldwide, including the General Data Protection Regulation (EU) 2016/679 (GDPR).

    22+

    Years of Experience

    2K+

    Overall Certificates Issued

    3

    Months to Implement on Average

    What are the Benefits of ISO 27701?

    Almost every business holds PII (personally identifiable information) therefore, any company that processes personal information could benefit from an ISO/IEC 27701 Privacy Information Management System, as it’s designed to help companies protect and regulate the personal information they hold. Additional benefits of an effective ISO/IEC 27701 are vast and can be unique to your specific business, but could include:

    • Builds trust in managing personal information
    • Provides transparency between stakeholders
    • Facilitates effective business agreements
    • Clarifies roles and responsibilities
    • Supports compliance with privacy regulations including GDPR
    • Improves staff competence and establishes processes to avoid breaches
    • Can be implemented simultaneously with ISO/IEC 27001

    Additional controls are required over and above those listed in the ISO/IEC 27001 standard, specifically concerning clause 4 context of the organisation and clause 6 planning. There are also additional requirements over and above those listed in Annex A of ISO/IEC 27001 (taken from ISO/IEC 27002) and cover every clause except A17 Information Security Aspects of business continuity management.

    Dependent on whether the company is a data controller or data processor would determine the number of additional controls required over and above the requirements detailed in ISO/IEC 27701.

    How can ISO Specialists help your business?

    Getting started with ISO 27701 certification might seem daunting; this is often the reason why businesses enlist the help of an ISO consultant. For 22 years, we’ve supported and guided organisations like yours through certification. Our experienced consultants take the lead on auditing your business, helping you use the results to enhance your quality management system. If necessary, there is also plenty of room for training.

    learn more about what we do