ISO/IEC 27701:2019 is a data privacy extension to ISO/IEC 27001 (and ISO/IEC 27002). Published in 2019, it provides requirements and guidance for organisations that want to put systems in place to support compliance with the GDPR and other data privacy legislation. ISO 27701 specifies a Privacy Information Management System (PIMS), a framework that both PII Controllers and PII Processors can use to manage the privacy of Personally Identifiable Information (PII).
ISO 27701 cannot be certified on its own. Organisations seeking certification to support their GDPR compliance must either already hold an ISO 27001 certificate or implement ISO 27001 and ISO 27701 together and have them assessed in a single certification audit. ISO 27701 is a natural expansion of the requirements and guidance set out in ISO 27001: it adds privacy-specific requirements to the management system clauses and privacy-specific controls to the existing Annex A controls.
This standard is an effective way of demonstrating to customers and to external and internal stakeholders that systems are in place to support compliance with the GDPR and related privacy legislation. According to the UK government's Cyber Security Breaches Survey 2021, around 34 percent of businesses had made changes to their cyber security because of the GDPR, and that proportion is expected to rise in the coming years. ISO 27701 can help you with:
- Supporting GDPR compliance
- Upholding the privacy rights of individuals
- Securing personal information
- IT governance
- Building customer trust
- Increasing customer satisfaction
- Protecting your reputation
- Preventing, detecting and managing data breaches
- Maintaining confidentiality over time
As part of developing and implementing your PIMS or Integrated Management System (IMS), Functio will process-map all of your internal privacy information management processes, recommend business improvements based on our experience and on the requirements of ISO 27701, and produce all of the required supporting registers and documents, such as your:
- Legal register – establishing the legal and regulatory obligations that apply to your organisation and how you comply with them
- CROO register – establishing the risk of failure of core processes and setting objectives and opportunities for ongoing improvement
- Statement of Applicability – a comprehensive document listing which controls from ISO 27001 Annex A and from ISO 27701 (Annex A for PII controllers, Annex B for PII processors) apply to you, why, and how each is implemented
- Asset Register – detailing all of your information assets, including the PII they hold and who is responsible for them
- Internal Audit Plan – establishing a programme of internal audits to retain compliance between certification audits
- Access Control Policy – detailing how access to systems, assets and premises is granted, reviewed and revoked
- Business Continuity Plan – detailing how the business operates in emergencies and extreme circumstances
- Master Document Register – listing all controlled documents with their version numbers, owners and review dates
- All required supporting forms
Functio works with customers at every stage of certification, from the initial consultation through the Stage 1 and Stage 2 audits, surveillance audits and re-certification audits, and can provide regular ISO maintenance services as required to retain your compliance and certification to the standard.
We provide a stress-free service that allows you as much input as you wish while we develop and implement the system for you. We work with customers who want to be heavily involved throughout, as well as with those who need the certification but simply do not have time in their day to complete all of the elements themselves.
If you are looking for ISO 27701 certification, an Integrated Management System, or continued compliance and certification, please do not hesitate to contact us to discuss your requirements.