NQA ISO 27701:2019 - PIM
0 likes238 views
ISO 27701 is a standard that provides a framework for organizations to establish privacy information management systems (PIMS) to ensure compliance with data privacy laws like GDPR. It enhances existing ISO 27001 information security management systems to address privacy requirements and implement the necessary systems and controls to protect personal data and comply with legislation. Certification to ISO 27701 demonstrates that effective processes are in place for handling personal information appropriately but does not guarantee legal compliance.
NQA ISO 27701:2019 - PIM
- 1. ISO 27701:2019 - PRIVACY INFORMATION MANAGEMENT ISO/IEC 27701:2019 is a data privacy extension to ISO 27001 that covers the management of personal data. It provides a framework for organizations looking to put in place systems to support compliance with GDPR and other data privacy requirements. Privacy information management systems are sometimes referred to as personal information management systems (PIMS). ISO 27701 enhances an already implemented information security management system to address privacy requirements and put in place the systems and infrastructure to support compliance to legislation including GDPR. This reduces risk to the privacy rights of individuals and to the organization by enhancing an existing Information Security Management System. What is ISO 27701? NEW
- 2. Who will benefit? This standard is a great way of demonstrating to customers and stakeholders that effective systems are in place to support compliance to GDPR and other related privacy legislation. Implementing a Privacy Information Management System (PIMS) in compliance with the requirements of ISO 27701 will enable organizations to assess, react to and reduce risks associated with the collection, maintenance and processing of personal information. Certification to ISO 27701 does not confirm legal compliance to GDPR however it provides a valuable framework for any company to support their efforts in compliance to legislation. What is the certification process? Organizations looking to get certified to ISO 27701 in order to comply with GDPR will either need to have an existing ISO 27001 certification or implement ISO 27001 and ISO 27701 together as a single implementation audit. ISO 27701 is a natural expansion to the requirements and guidance set out in ISO 27001. The significant overlap in system and technical requirements between a privacy information management system and an information security system presents a compelling case to adopt ISO 27001 and ISO 27701. This is supported by the international recognition of an ISO standard. Where can I find out more? For more information please visit nqa.com or speak to the business development team. Take a look at our toolkit on our website for further help and information. How is this different to ISO 27001? ISO 27701 is set to be the go to standard for compliance with GDPR regulations, in the same way that ISO 27001 is considered to be the ‘gold standard’ for information security management. It aligns to GDPR but also allows organizations to use the standard to incorporate other privacy laws, regulations and requirements that they may encounter globally. This makes it an excellent choice for organizations of all industries and sizes looking to demonstrate their compliance with the ‘accountability’ principle of GDPR. If a client has ISO 27001 certification with an alternative provider we can transfer them to NQA free of charge.