ISO/IEC 27701 Certification

The new international standard ISO/IEC 27701, also known as the Privacy Information Management System (PIMS) standard, was published to help organizations meet their privacy regulation requirements.

ISO/IEC 27701 specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS). The standard covers how organizations should manage personally identifiable information (PII) and helps them demonstrate compliance with the privacy regulations that apply to them.

Personally identifiable information (PII) is information that reveals a person's identity, and it is therefore sensitive.

If you have already implemented ISO 27001, ISO/IEC 27701 extends that security effort to cover privacy management, including the processing of PII, so that you can demonstrate compliance with data protection regulations. The standard maps to the privacy frameworks defined in ISO/IEC 29100, ISO/IEC 27018 and ISO/IEC 29151, and to the GDPR. The framework provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.

The implementation process can be specified as follows:

  1. Developing a security policy according to the business requirements for information privacy and security.
  2. Defining the scope of the PIMS so that all aspects pertaining to people, processes and technology are included.
  3. Conducting a risk assessment.
  4. Identifying risks after the assessment and undertaking adequate risk management steps.
  5. Selecting control objectives and implementing them.
  6. Drawing up a statement of applicability.
  7. Defining policies, procedures, awareness training, etc.

QRC provides hassle-free and cost-effective ISO 27701:2019 certification and advisory services. As an independent certification body, we conduct an onsite assessment to confirm whether the organization and its components conform to the standard put forth by ISO.

The certification process consists of the following steps:

  1. Enquiry Submission
  2. Man-day identification and effort estimation
  3. Contract Agreement
  4. Audit Programme Confirmation
  5. Stage 1 Assessment
  6. Stage 2 Assessment
  7. Issuance of the Certificate
  8. Periodic Assessment

ISO/IEC 27701 requires you to design, build and implement a privacy information management system (PIMS) for the organisation, and successful implementation can help you achieve the following:

  • Builds trust in your company’s brand and in its ability to manage personal information and employees.
  • Improves internal competence, while clarifying the roles and responsibilities within your organization.
  • Builds a clear set of roles and responsibilities for PII controllers and PII processors, who hold responsibility and accountability for personal data processing.
  • Facilitates agreements with business partners where the processing of PII is mutually relevant.
  • Integrates easily with ISO/IEC 27001 and supports compliance with the GDPR and other applicable privacy regulations.
  • Helps to strengthen relationships with existing customers and stakeholders by demonstrating that you take information privacy seriously.
  • Minimises the risk of disruption to crucial processes and of financial losses associated with a breach.