The international standard ISO/IEC 27701:2019, Privacy Information Management System (PIMS), was published to help organizations reconcile their overlapping privacy regulatory requirements.
ISO/IEC 27701 extends an organization's existing information security effort to cover privacy management, including the processing of personally identifiable information (PII), so that the organization can demonstrate compliance with data protection regulations such as the GDPR.
ISO/IEC 27701 is an extension to ISO/IEC 27001 that specifies how organizations should manage personal information and assists in demonstrating compliance with privacy regulations around the world.
Its intended application is to augment an existing information security management system (ISMS) with privacy-specific controls, thereby creating a PIMS that enables effective privacy management within the organization.
ISO/IEC 27701 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.
ISO/IEC 27701, also referred to as PIMS (Privacy Information Management System), sets out a framework for PII controllers and PII processors to manage data privacy. Privacy information management systems are sometimes referred to as personal information management systems.
ISO/IEC 27701 is the international standard for privacy information management. Its controls will be familiar to anyone who has adopted ISO/IEC 27001, the international standard for information security, because it essentially bolts privacy-processing controls onto that existing framework.
ISO/IEC 27701 specifies the requirements and guidance for the privacy controls and practices that make up a PIMS. Because it is an extension to ISO/IEC 27001 rather than a standalone standard, ISO/IEC 27001 is a prerequisite for any organization looking to implement a PIMS.
Although there is no GDPR certification as such, organizations seeking ISO/IEC 27701 certification as evidence of GDPR compliance must either hold an existing ISO/IEC 27001 certificate or implement ISO/IEC 27001 and ISO/IEC 27701 together and have them audited as a single implementation.
During its drafting period the standard was known as ISO/IEC 27552. It provides guidance on the protection of privacy, including how organizations should manage personal information, and assists in demonstrating compliance with privacy regulations.