ISO 27701:2019: What is it?

ISO/IEC 27701:2019 is the privacy extension to the international information security management standard ISO/IEC 27001 (its full title is "Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines"). ISO 27701 sets out the requirements for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS), and offers guidance on each of these activities.

ISO 27701 builds on the requirements, control objectives, and controls of ISO 27001 and adds a set of privacy-specific requirements, control objectives, and controls.

Applicability

ISO/IEC 27701 applies to organisations of all sizes and types, including public and private businesses, governmental agencies, and non-profit organisations, that store, collect, or process personally identifiable information (PII) such as names, contact information, locations, and IP addresses. It provides guidance for organisations responsible for processing PII within an ISMS, specifically:

  • PII controllers
  • PII processors

Objective

The goals of the ISO 27701 standard are to:

  • Increase transparency between parties and foster confidence in the management of personal information
  • Enable successful business deals
  • Define roles and obligations
  • Encourage adherence to privacy laws

Approach

Our approach consists of five phases:

Phase 1: Understand Business Process
Understand the organisation's policies and procedures, management's expectations, and the operating environment.

Phase 2: Identify Risks and Controls
Determine the target processes and gain an understanding of their flow, risks, information resources, and existing controls.

Phase 3: Controls Design Testing
Create issue and opportunity registers, identify controls based on ISO 27701, test the control design, and note any gaps. Create a risk mitigation plan and determine the residual risks.

Phase 4: Controls Evaluation
Audit your systems internally to find control weaknesses and assess their effects.

Phase 5: Certification
Engage the certification body to conduct the certification audit.

