ISO 27701 and ISO 27001: Information Technology Security Techniques

What is ISO 27701?
ISO/IEC 27701:2019 is a privacy extension of the international information security management standards ISO/IEC 27001 and ISO/IEC 27002. Its full title is ISO/IEC 27701:2019 Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines.

ISO 27701 specifies the requirements, and gives guidance, for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).

ISO 27701 builds on the requirements, control objectives and controls of ISO 27001 and adds a set of privacy-specific requirements, controls and objectives.

For a more detailed description of the underlying principles of privacy information management and of ISO/IEC 27701, see our best-selling book, ISO/IEC 27701 in Pocket: An Introduction to Privacy Information Management.

Why was ISO 27701 created?
Data protection laws such as the UK's DPA (Data Protection Act) 2018 and the EU GDPR (General Data Protection Regulation) require organisations to take measures to safeguard the personal data they process.

However, these laws say little about how their requirements should be implemented in practice.
ISO 27701 was developed jointly by ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) to provide that practical guidance.

How do ISO 27001 and ISO 27701 fit together?
ISO 27001 sets out the requirements for an ISMS (information security management system). An ISMS is a risk-based approach to managing information security that covers people, processes and technology. Independent certification to ISO 27001 provides assurance that information security is being managed in line with the standard.

Organisations that have already adopted ISO 27001 can use ISO 27701 to extend their security efforts to privacy management, including the processing of PII (personally identifiable information). This helps them demonstrate that they have taken reasonable measures to comply with data protection laws such as the GDPR.

Organisations that do not yet have an ISMS can implement ISO 27001 and ISO 27701 together in a single implementation project.

Who should implement ISO 27701?
ISO 27701 is designed for use by all data controllers and data processors. Like ISO 27001, it takes a risk-based approach, so that each organisation understands the risks to the personal data it processes and to the privacy of the individuals concerned.

What is the difference between a privacy information management system and a personal information management system?
ISO 27701 specifies the requirements for a privacy information management system, while BS 10012, the British standard, specifies the requirements for a personal information management system.

The terms are very similar: both describe management systems for protecting personal information, and in everyday use "PIMS" can refer to either. There are, however, some significant differences between the two standards, described below.

Should I use BS 10012 or ISO 27701?
Both standards have their advantages, but they differ in some respects.

BS 10012 is aligned with the GDPR and the DPA 2018. ISO 27701 is not tied to any particular data protection regulation, which makes it usable by a wider range of organisations and allows them to demonstrate compliance with several privacy regimes.

If your organisation only needs to comply with the GDPR and the DPA 2018, BS 10012 may suit your requirements.

However, if you need to demonstrate compliance with multiple privacy regulations, the international standard will be more suitable.

IT Governance can help you determine which standard is best suited to your organisation and provide any implementation support you need.

Demonstrate GDPR compliance with ISO 27701 and ISO 27001
Implementing ISO 27001 and ISO 27701 will help you meet the information security and privacy requirements of the GDPR and other data protection regimes. It also shows that you have the management processes in place to implement "appropriate technical and organisational measures" to safeguard the personal data you process and uphold the rights of data subjects, in line with the Regulation's accountability principle (Article 5(2)).

Article 42 of the GDPR provides for data protection certification mechanisms and data protection seals and marks. No such mechanisms are yet in place. However, your organisation can be certified to ISO 27001 to show that it follows recognised best practice for securing personal data.
