ISO/IEC 27701:2019

Almost every organisation has personally identifiable information (PII).

This standard is ideal for organisations wishing to implement a privacy management system that supports its ISMS objectives, and helps to meet its privacy compliance requirements, such as those required by the GDPR and the DPA 2018.

Key features:

• The standard includes mapping to the GDPR, ISO/IEC 29100, ISO/IEC 27018 and ISO/IEC 29151.
• Integrates with other management system standards, including the information security standard, ISO/IEC 27001.
• Provides PIMS-specific guidance for ISO/IEC 27002.
• Specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System.
• Supports compliance with the GDPR and DPA 2018.
• Provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

Important:

ISO/IEC 27701 supports an established information security management system (ISMS) aligned to ISO/IEC 27001, because it extends the requirements in ISO/IEC 27001.

If you do not have an ISMS which is compliant with ISO/IEC 27001, we recommend you purchase BS 10012:2017 for your PIMS because it doesn’t depend on an already-established ISMS.