ISO 27701 is a data privacy framework that builds on ISO 27001. This privacy best-practice standard guides organizations on the policies and procedures that should be in place to comply with the GDPR and other data protection and privacy regulations and laws.
ISO 27701, a PIMS (Privacy Information Management System) standard, lays out a detailed set of operational checklists that can be adapted to a variety of regulations, including the GDPR. Companies document their policies, procedures, protocols and activities in line with the standard’s operational checklists; the resulting records are then audited by internal and third-party auditors, producing detailed evidence of conformance with the standard. ISO 27701 helps companies maintain an effective privacy and information security management system and reduce privacy risks.
An important feature of ISO 27701 is its versatility. Just as ISO 27001 applies to all organizations, so does ISO 27701: it is written so that it can be used by organizations of all sizes and from all business sectors. It is also structured so that it clearly separates the guidance for PII controllers from the guidance for PII processors.
ISO 27701 is designed to be used by all data controllers and data processors. Like ISO 27001, it advocates a risk-based approach, so that each conforming organization addresses the specific information security risks it faces as well as the risks to personal data and privacy.