The new international standard ISO/IEC 27701 also known as Privacy Information Management System (PIMS) has been put forth to help organizations reconcile their privacy regulation requirements.
ISO/IEC 27701 specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS). The standard covers how organizations should manage personal identifiable information (PII) and assists in demonstrating compliance with privacy regulations that may apply.
Personal identifiable information (PII) is information that reveals someone's identity, and are sensitive
ISO/IEC 27701 extends your security efforts to cover privacy management if you have already implemented ISO 27001, including processing of PII to demonstrate compliance with data protection regulations. The standard can be mapped into privacy and frameworks defined in ISO/IEC 29100, ISO/IEC 27018, ISO/IEC 29151 and GDPR. The framework provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.
The implementation process can be specified as follows:
QRC provides hassle free and cost-effective ISO 27701:2019 certification and advisory service. As an independent certification body, we conduct an onsite assessment to confirm whether the organization and their components are in conformity with the standard put forth by the ISO body.
The certification process follows the following steps:
PIMS requires one to design, build and implement a a Personal Information Management System (PIMS) for the organisation and the successful implementation can help you achieve the following: