The ISO 27701 standard is an extension of the ISO 27001 standard for information security. With the ISO 27701 standard you demonstrate that you meet the requirements of the GDPR .

 

Why the ISO 27701?

Many companies process personal data that is seen as privacy sensitive information. This is likely to increase in the coming years. Standard 27701 provides guidelines for the protection of this personal data. The 27701 also helps to comply with privacy laws. Something that will only become more important for consumers and customers. ISO 27701 is not mandatory, but it does demonstrate that your management system is designed to comply with legal frameworks regarding privacy.

 

Privacy Information Management System

The 27701 standard provides specific tools for supplementing an Information Security Management System (ISMS) with a Privacy Information Management System (PIMS). Additional control measures aimed at personal data are added to all parts of the ISMS. If your organization is already certified for ISO 27001 or NEN 7510, the desired additional measures from ISO 27701 are relatively easy to organize.

 

The main advantages of a PIMS:

• As an organization you can demonstrate compliance with privacy legislation.

• It creates confidence in the handling and management of personal information.

• It improves internal competencies and processes to prevent a data breach.

• Clarifies the roles and responsibilities within the organization.

 

Guidance with the implementation of ISO 27701

ISO 27701 is an addition to ISO 27001. To implement this standard, you as an organization will therefore also have to comply with ISO 27001. We can guide you to both certifications. You won't get any vague technical terms and thick books of us, but clear language and understandable documentation.

​

In 5 steps to ISO 27701

1. Intake; what are the needs and what can we do for you?

2. Gap analysis; what is the existing situation and where do we want to go?

3. Plan of action; a tailor-made plan which steps must be taken to meet all requirements.

4. Realization; execution of the aforementioned steps, if desired with the support of our consultants.

5. Audit; we take care of the internal audits. We can also provide support during the certification audit.

Read more about our working method here.