IMSM Ltd, Wiltshire
01793 296704

ISO 27701: Privacy Information

ISO/IEC 27701 is the standard for a Privacy Information Management System (PIMS). It sets out requirements and provides guidance for establishing, implementing, maintaining and continually improving a privacy information management system.

This standard is a privacy extension to the widely adopted ISO/IEC 27001 information security management system, which forms the foundation for information security. ISO/IEC 27701 builds on that foundation to provide a comprehensive set of controls for security and the protection of personal information. As an extension, ISO/IEC 27701 must be implemented alongside an existing ISO/IEC 27001 system or in conjunction with a new ISO/IEC 27001 system.

Trusted by over 2,000 companies across the globe

Focus on information privacy.


What is ISO 27701?

The standard focuses on ‘privacy information management’ and how companies deal with the processing of personal information. For example, you do not want other people or businesses to use your personal information without your permission; this means limiting access to your personal information and keeping it confidential. Having confidence in a business is crucial, and a company that applies a PIMS will gain a good reputation for information security.

ISO/IEC 27701 sets the standard of responsibility for businesses to protect Personally Identifiable Information (PII). The processing of personal information is covered by various legal and regulatory requirements globally. ISO/IEC 27701 can go some way towards demonstrating compliance with privacy regulations worldwide, including the General Data Protection Regulation (EU) 2016/679 (GDPR).


The Benefits of ISO 27701

Almost every business holds PII (personally identifiable information); therefore, any company that processes personal information could benefit from an ISO/IEC 27701 Privacy Information Management System, as it is designed to help companies protect and regulate the personal information they hold. The additional benefits of an effective ISO/IEC 27701 PIMS are vast and can be unique to your specific business, but could include:

Builds trust in managing personal information
Provides transparency between stakeholders
Facilitates effective business agreements
Clarifies roles and responsibilities
Supports compliance with privacy regulations including GDPR
Improves staff competence and establishes processes to avoid breaches
Can be implemented simultaneously with ISO/IEC 27001

Additional controls are required over and above those listed in the ISO/IEC 27001 standard, specifically concerning clause 4 (context of the organisation) and clause 6 (planning). There are also additional requirements over and above those listed in Annex A of ISO/IEC 27001 (taken from ISO/IEC 27002); these cover every Annex A control area except A.17, Information security aspects of business continuity management.

The number of additional controls required over and above the requirements detailed in ISO/IEC 27701 depends on whether the company is a data controller or a data processor.

Steps to getting ISO 27701 certified

Working towards ISO 27701 certification with IMSM is a trouble-free, step-by-step approach.

1. Initial consultation

We help you outline your goals, focusing on what your business wants to achieve and how it defines success, particularly in relation to your clients' requirements. You and your ISO consultants will agree on reasonable outcomes and delivery dates.

2. System Documentation

Our client portal IMSMLoop offers a comprehensive insight into the progress of your ISO implementation, along with copies of the relevant audit reports, certifications, and any necessary corrective actions. The portal serves as a central hub for tracking your ISO journey.

3. ISO 27701 Framework Adoption

We ensure the framework is embedded throughout your organisation. We can also develop and deliver tailored training for staff so that the understanding and implementation of ISO 27701 is watertight, creating consistency across your organisation.

4. Submission to External Auditor

Your organisation applies to the third-party certifying body that you have selected to conduct your audit. This audit objectively determines whether your business conforms to ISO 27701, and the relevant accompanying documentation is accessible through our client portal, IMSMLoop.

Our Benefits

Why choose IMSM?

Simple: We make it simple. Since 1994, we've helped businesses achieve ISO certification, with over 150 experts worldwide and 15,000+ clients trusting us to implement their ISOs. We've proven to be experts at handling the logistical heavy lifting, saving your company valuable time.

With a transparent fixed fee, flexible approach, and real-time access to updates, documentation, and an array of other features through IMSMLoop, we collaborate with your organisation to make any ISO implementation as straightforward and beneficial as possible.

This standard contributes to the following Sustainable Development Goals:

Experienced ISO Consultants

How can ISO Specialists help your business?

Getting started with ISO certification might seem daunting; this is often the reason why businesses enlist the help of an ISO consultant. For 30 years, we've supported and guided organisations like yours through certification. Our experienced consultants take the lead on auditing your business, helping you use the results to enhance your quality management system. If necessary, there is also plenty of room for training.

Established ISO Certifiers since 1994

ISO 27701: Frequently Asked Questions

Can you get ISO 27701 certified without an ISO 27001 certification?

While organisations can achieve ISO 27001 certification on its own, ISO 27701 certification cannot be obtained without ISO 27001 compliance. Data security is a key element of privacy, which is why ISO 27001 compliance is included as Clause 5 of ISO 27701.

How much does it cost to get ISO certified?

The cost of getting ISO 27701 certified varies from organisation to organisation, but it is priced using three major factors: the size of your business, your industry and the complexity of your processes.

What is the difference between ISO 27001 and 27701?

ISO 27001 and ISO 27701 serve two distinct purposes. ISO 27001 focuses on information security, aiming to help organisations demonstrate their security measures to prospects and customers. ISO 27701, on the other hand, focuses on user privacy, helping organisations comply with global privacy laws and protect consumers' privacy rights.

Who should be ISO 27701 compliant?

ISO 27701 is particularly beneficial for organisations legally required to comply with privacy regulations such as GDPR, CCPA or HIPAA. In fact, it includes an annex that directly maps its privacy controls to the various components of GDPR.

Is ISO 27701 mandatory?

ISO 27701 is not a law or regulation, so no organisation is legally obliged to follow it. However, any organisation that collects, processes, stores or handles PII in any way would be wise to implement this standard.
This standard contributes to the following Sustainable Development Goals: 3, 5, 9, 11, 12 and 16.

High Quality & Prestigious Brands

Advanced services combined with extensive experience and fast performance.

“We decided to use IMSM to help and support us through the process. We were fairly new to this as a company and to have a company like IMSM guiding us through the requirements saved us time and gave us the confidence to present to the external auditors, knowing we had everything covered”

David Spence, Operations Engineering Manager
Ping Network Solutions

“Our ISO certifications help us provide consistent, quality-focused services that our clients have come to depend on and appreciate.”

Cherie Sprout, Executive Assistant
Integral Consulting Services, Inc.

“We can now demonstrate, via externally internationally recognised accreditation, that Pall-Ex is the number one pallet network for quality. This also allows us extensive yearly external auditing by our certification provider against a measured standard.”

Will Gardner, Head of QHSE & Operational Improvement
Pall-Ex Limited

“Our IMSM Assessor put in a lot of time and effort; they did a really good job for us, helping to organise what we had here. We had a lot of the pieces in place, they just weren’t put together, which IMSM helped us to do. We have a system in place now and we continually follow up on everything.”

Steve Head, Business Improvement Director
Anderson Dahlen