ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 (information security management) and ISO/IEC 27002 (security controls). An international management system standard, it provides guidance on the protection of privacy, including how organisations should manage personal information, and assists in demonstrating compliance with privacy regulations around the world.
ISO 27001 sets out the requirements for an ISMS (information security management system), a risk-based approach that encompasses people, processes and technology. Independently accredited certification to ISO 27001 provides stakeholders with assurance that data is being appropriately secured.
Organisations that have implemented ISO 27001 will be able to use ISO 27701 to extend their security efforts to cover privacy management – including their processing of personal data/PII (personally identifiable information) – which can help them demonstrate that reasonable measures have been taken to comply with data protection laws such as the GDPR.
Organisations without an ISMS can implement ISO 27001 and ISO 27701 together as a single implementation project.
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) jointly develop and maintain these standards, working to produce high-quality standards that uphold strict values and principles and support sound business practices.
An ISMS is a systematic framework for managing sensitive company information; it covers all the people, processes and IT systems involved in the organisation's risk management criteria in order to keep that information secure.
Compatible with all other management system standards that follow the harmonised structure of ISO/IEC Annex SL, ISO 27001 offers a well-rounded approach built around 12 controls.