ISO 27701 and ISO 27001: Information Technology Security Techniques

What is ISO 27701?
ISO/IEC 27701:2019 is an extension to the international standard for managing information security, ISO/IEC 27001. Its full title is ISO/IEC 27701 Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines.

ISO 27701 specifies the requirements for, and provides guidance on, establishing, implementing, maintaining and continually improving a PIMS (privacy information management system).

ISO 27701 builds on the requirements, control objectives and controls of ISO 27001, and adds privacy-specific requirements, control objectives and controls on top of them.

For a concise explanation of the basic principles of managing personal information and of ISO/IEC 27701, take a look at our best-selling pocket guide ISO/IEC 27701:2019: An introduction to privacy management.

Why was ISO 27701 created?
The UK DPA (Data Protection Act) 2018, the UK GDPR (General Data Protection Regulation) and the EU GDPR all oblige organisations to adopt security measures that protect the personal data they process.

The laws do not, however, set out how those measures should be structured.
ISO/IEC 27701 was developed jointly by ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) to fill that gap.

What is the relationship between ISO 27001 and ISO 27701?
ISO 27001 defines the requirements for an ISMS (information security management system): a risk-based system that encompasses people, processes and technology. Independent certification to ISO 27001 provides assurance to stakeholders that information is being properly secured.

Organisations that have already implemented ISO 27001 can use ISO 27701 to extend their security efforts to cover privacy management, including the processing of personal data/PII (personally identifiable information). This helps them demonstrate that appropriate measures have been taken to comply with data protection laws such as the GDPR.

Organisations without an existing ISMS can also implement ISO 27001 and ISO 27701 together as a single project.

Who should implement ISO 27701?
ISO 27701 is intended for all data controllers and data processors. Like ISO 27001, it advocates a risk-based approach, so each organisation addresses the particular threats it faces, including those relating to privacy and personal information.

What is the difference between a privacy information management system and a personal information management system?
ISO 27701 specifies the requirements for a privacy information management system, whereas BS 10012 is the British standard for a personal information management system.

The terms are very similar. Both describe management systems for protecting personal data, and in day-to-day use the acronym PIMS can refer to either. There are, however, some differences between the two approaches, which are discussed in the following paragraphs.

Should I choose ISO 27701 or BS 10012?
Both standards are useful, but there are some differences.

BS 10012 is aligned to the GDPR and the DPA 2018; ISO 27701 has no such alignment to a single jurisdiction. This makes ISO 27701 more widely applicable, allowing conformant organisations to demonstrate adherence to a wide range of privacy laws.

If your organisation only needs to comply with the GDPR and the DPA 2018, you may find that BS 10012 is a good fit for your needs.

If you need to demonstrate compliance with several different data protection regimes, the internationally recognised standard is the better choice.

IT Governance can help you determine the best approach for your requirements and offer whatever implementation support you need.

Demonstrating GDPR compliance with ISO 27701 and ISO 27001
Implementing ISO 27701 and ISO 27001 will help you meet the privacy and data security requirements of the GDPR. It also shows that you have management arrangements for the "appropriate technical and organisational measures" required to protect personal data and uphold the rights of data subjects, and that you can demonstrate compliance as Article 5(2) (the accountability principle) requires.

Article 42 of the GDPR provides for data protection certification mechanisms, seals and marks. At the time of writing, no such mechanisms exist. You can, however, obtain ISO 27001 certification if your organisation follows the standard's best practices for securing personal data.
