ISO 27701 is the first global privacy management standard. It is an extension to ISO 27001 and includes specific requirements, objectives and controls relating to the implementation of a Privacy Information Management System (PIMS).
ISO 27701 is a major step forward for privacy. It goes beyond existing regulations by providing actual guidance to organisations regarding how to act on data protection and privacy. This helps protect personally identifiable information (PII) whilst enabling compliance with applicable regulations such as the GDPR.
Benefits of ISO 27701
Protect personal information and build trust
All stakeholders - whether it be customers, employees or regulatory bodies – are demanding that organisations take better steps to protect information and personal data. ISO 27701 certification acts as an independent and impartial stamp of approval that demonstrates your organisation’s commitment to privacy and best practice. This builds trust and provides a competitive advantage.
Demonstrate legal and regulatory compliance
ISO 27701 certification alone doesn’t confirm that an organisation is GDPR compliant. However, it does provide a logical and effective framework that any company could use to support their efforts to comply with various privacy laws and regulations.
Create a more robust integrated system
To achieve ISO 27701 certification, an organisation must already be ISO 27001 certified or implement both standards which can then be assessed via an integrated audit. An integrated system that complies with both ISO 27001 and ISO 27701 demonstrates a more robust information security management system that properly addresses the changing requirements and expectations around privacy management.
Need help with ISO 27701?
If you want to achieve certification to ISO 27701, we can help. We offer a range of ISO 27701 certification services designed to help you demonstrate your commitment to best practice privacy management.
Why work with us
Our assessors are qualified professionals with sector-specific information security and IT experience who are matched with your business needs, ensuring an effective audit of your system.
We need to assess your organisation's compliance with ISO 27701, but we approach this with an open mind and recognise the potential in new ideas. This pragmatic approach guarantees a positive impact on your organisation - today and in the long-term.
What we think
LRQA's experts regularly share their research and insights.