ISO 27701 – Private Information Management Systems, was published on August 5, 2019 and aims to establish security controls for data protection, being a logical fit for regulations data protection.
ISO 27701 is an international standard for data protection, the Standard reaches the market to be an international tool to adapt the most diverse data protection regulations in several countries, such as the GDPR – General Data Protection Regulation of Europe.
It should be noted that the company must first obtain certification in ISO 27001 – Information security management systems and then make an extension to ISO 27701 – Private security management systems. This is because ISO 27701 is an extension standard and is directly related to ISO 27001 as a complement to requirements related to data privacy and consequently compliance with international regulations.
1 – Adequacy to data protection regulations
With ISO 27701 the organization will implement the step by step of an internationally recognized protocol, which will facilitate the implementation of the data protection controls and the adequacy of international regulations;
2 – External recognition
With ISO 27701, the organization will be able to demonstrate to interested parties, such as customers and regulators, that it has implemented and keeps active the personal data security controls, which will allow automatic recognition by these parties;
The structure of ISO 27701 determines the fulfillment of the 114 controls in Annex A of ISO 27001 that companies generally implement as part of the alignment to the structure, in addition to specific controls for the security of private information, extending the requirements of ISO 27001 to take into account the protecting the privacy of individuals whose PII is owned by a company seeking certification. As ISO 27701 is an extension of the ISO 27001 standard, ISO 27701 certifications will not be issued independently. A company that obtains a certification under ISO 27001 can include ISO 27701 within the scope of its certification, if it implements the guidelines under ISO 27701.
And now? How to obtain ISO 27701 certification?
As mentioned above, the organization needs to implement the requirements of ISO 27001 and include ISO 27701 in its scope to obtain both certifications.
QMS can help in this scenario by removing all doubts about the certification process. As an international certification body, we carry out audits of ISO 27001 combined with ISO 27701 and issue certificates with a validity of 3 years subject to periodic annual audits. Contact us to learn more about the certification process.
