ISO 27701 27001 Information Technology Security Techniques

What exactly is ISO 27701?
ISO/IEC 27701:2019 is an extension to the international standard for managing information security, ISO/IEC 27001 (its full title is ISO/IEC 27701 Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines). See the ISO 27701 PDF here.

ISO 27701 provides requirements and guidance for establishing, maintaining, enhancing and continually improving a PIMS (privacy information management system).

ISO 27701 is built on the specifications of ISO 27001. It includes privacy-specific requirements, controls, and control objectives.

Our bestselling pocket guide to ISO/IEC 27701 provides a brief overview of the guidelines and methods for managing personal data.

Why did ISO 27701 get created?
The UK's DPA 2018 (Data Protection Act) and the EU GDPR (General Data Protection Regulation) both oblige organisations to take appropriate measures to protect the personal data they handle.

These laws do not specify what those measures should be.
To fill that gap, the ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) created this new standard.

What is the connection between ISO 27001 and ISO 27701?
ISO 27001 sets out the requirements for an ISMS (information security management system). An ISMS is a risk-based approach that encompasses people, processes and technology. Certification to ISO 27001 can be independently accredited, giving stakeholders confidence that the data an organisation holds is properly protected.

ISO 27001-certified organisations can now use ISO 27701 to extend their security measures to cover privacy management, that is, the processing of personal information, or PII. This helps them demonstrate that they have taken reasonable steps to comply with data protection regulations such as the GDPR.

Organisations that do not already have an ISMS can implement ISO 27001 and ISO 27701 at the same time.
Download the free PDF: How to get your business on the right track to GDPR and DPA compliance with ISO 27701
Use ISO 27701 to map your way to GDPR/DPA compliance for 2018.

Who should apply ISO 27701?
Any data controller or data processor can use ISO 27701. Like ISO 27001, the standard takes a risk-based approach, so every conforming organisation must understand the specific risks to personal data and privacy as well as its wider information security risks.

What is the difference between a privacy information management system and a personal information management system?
Whereas ISO 27701 sets out the requirements for a privacy information management system, BS 10012 is the British standard for a personal information management system.

There is little distinction between the two terms. Both are management systems designed to safeguard personal information, so for everyday purposes you can take the acronym PIMS as referring to either. There are, however, some key differences between the two approaches, which we discuss below.

Do I need to implement ISO 27701?
Both standards have their advantages, but there are some differences.

BS 10012 is aligned to the DPA 2018 and the GDPR (2018), whereas ISO 27701 is not aligned to any particular data protection law. This makes ISO 27701 more widely applicable and allows conforming organisations to address a broad range of privacy laws.

If your company only needs to comply with the GDPR and the DPA 2018, you may find that BS 10012 meets your requirements.

If you need to demonstrate compliance with several data protection regimes, the international standard is the better choice.

IT Governance can help you determine which standard is better suited to your needs, and can provide whatever implementation support you require.

Demonstrate GDPR compliance with ISO 27701/ISO 27001
Implementing ISO 27701/ISO 27001 will help you meet the GDPR's privacy requirements. See ISO 27001 for details.

Article 42 of the GDPR refers to data protection certification mechanisms, seals and marks. These mechanisms are not yet available. It is, however, possible to obtain independent, accredited certification to ISO 27001 - and, by extension, to ISO 27701 if you implement its controls - which shows regulators and other stakeholders that your company follows international best practice for securing personal data and PII.
