ISO 27701 Privacy Information Management is the extension to ISO/IEC 27001 Information Security Management System and ISO/IEC 27002 Security Controls, which provides a framework for data privacy that builds on ISO 27001.
It provides guidance on the protection of privacy, including how organizations should manage personal information, and assists in demonstrating compliance with privacy regulations around the world.
ISO 27701 also enables organizations to reduce privacy risks and maintain an effective privacy and information security system according to the Standard’s operational checklists that can be adapted to a variety of regulations, including the General Data Protection Regulation (GDPR).
ISO 27701 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations. It has been designed to be used by all data controllers and data processors. Like ISO 27001, it proposes a risk-based approach so that each conforming organization addresses the specific risks it faces, as well as the risks to personal data and privacy.
Attaining the ISO/IEC 27701 Certificate from ACI not only enhances the privacy management practices within the organization but also helps to show commitment to protecting personal information in today’s digital world.
- Clarifies the roles and responsibilities within your organization
- Builds trust in your company’s ability to manage personal information, both for employees and customers
- Integrates with the leading information security standards
- Supports compliance with other privacy regulations
- Provides transparency between stakeholders
- Facilitates effective business agreements