ISO 27701 Certification Guide
What is ISO 27701?
Briefly, it describes a framework for “controllers” and “processors” of personally identifying information (PII) to manage data privacy and enable regulatory compliance.
The resulting Privacy Information Management System (PIMS) reduces risk to the privacy rights of individuals. Aligning with ISO 27701 is also a “silver bullet” to demonstrate to customers, regulators, partners and internal stakeholders worldwide that your business is in compliance with privacy laws and can successfully manage and secure PII.
How do you get ISO 27701 Certified?
Because the ISO 27701 standard is an extension to ISO 27001, there is no separate “certification” for ISO 27701. Instead, organizations can implement the ISO 27701 controls together with the ISO 27001 controls and be certified to both standards in a single audit. Alternatively, an organization that is already ISO 27001 certified can extend the scope of its information security management system (ISMS) to encompass the ISO 27701 controls and be audited against both sets of controls.
If your business is considering ISO 27001 certification and you know you must also address privacy and data protection, it could make solid financial and strategic sense to plan the scope of your initial ISO 27001 implementation to encompass the ISO 27701 controls.