
ISO/IEC 27701:2019, whose full title is "Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines", is the privacy extension of ISO/IEC 27001, the international standard for information security management. It specifies the requirements for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) and gives guidance on doing so. ISO 27701 builds on the requirements, control objectives and controls of ISO 27001 (and the control guidance of ISO 27002), adding a set of privacy-specific requirements, control objectives and controls. It is not a stand-alone standard: an organisation can only be certified against ISO 27701 as an extension of an ISO 27001 certification.
 
Applicability
ISO/IEC 27701 is applicable to organisations of all sizes and types, including private companies, public bodies, government agencies and non-profit organisations, that collect, store or otherwise process personally identifiable information (PII) such as names, contact details, locations and IP addresses. It provides guidance for organisations responsible for processing PII within an ISMS, specifically for:
- PII controllers
- PII processors
Objective
The goals of the ISO 27701 standard are to:
- Increase transparency between parties and build trust in how personal information is managed
- Support business agreements between controllers and processors by providing a common reference for privacy obligations
- Clarify roles and responsibilities for PII processing
- Support compliance with applicable privacy laws and regulations
Approach
Our approach consists of five phases:
Phase 1: Understand Business Process
Understand the organisation's policies and procedures, management's expectations and the business environment in which PII is processed.
Phase 2: Identify Risks and Controls
Identify the in-scope processes and understand their flow, the information assets involved, the privacy risks and the controls already in place.
Phase 3: Controls Design Testing
Create the issue and opportunity registers, map controls to ISO 27701, test the design of the control framework and record any gaps. Prepare a risk treatment plan and determine the residual risks.
Phase 4: Controls Evaluation
Carry out an internal audit of the PIMS to find control deficiencies and assess their impact, and address them before the external audit.
Phase 5: Certification
Engage the certification body for the certification audit. Because ISO 27701 is an extension of ISO 27001, the PIMS audit is performed together with, or against, an existing ISO 27001 certification.