ISO 27701 Certification Guide
What is ISO 27701?
ISO 27701 is a certifiable extension to ISO 27001: it extends the ISO 27001 Information Security Management System (ISMS) to specifically account for Personal Information (PI) and the laws and regulations that apply to it (e.g., CCPA, GDPR, APAC privacy laws, etc.). Simply put, ISO 27701 is the best way to prove to a key stakeholder that you have a strong privacy program.
The resulting Privacy Information Management System (PIMS) reduces risk to the privacy rights of individuals. Aligning with ISO 27701 is also a “silver bullet” for demonstrating to customers, regulators, partners and internal stakeholders worldwide that your business complies with privacy laws and can successfully manage and secure PII.
How do you get ISO 27701 Certified?
Because the ISO 27701 standard is an extension to ISO 27001, you need to be ISO 27001 certified in order to be ISO 27701 certified. Because the two are assessed together, you can be certified to both standards in a single audit.
If your business is considering ISO 27001 certification and you know you must also address privacy and data protection, it makes solid financial and strategic sense to implement both concurrently by planning the scope of your initial ISO 27001 implementation to encompass the ISO 27701 controls.