Introduction to ISO/IEC 27701:2019 | An Important Extension to 27001

ISO/IEC 27701 is an international standard that provides guidelines for implementing and maintaining a Privacy Information Management System (PIMS) based on the requirements of ISO/IEC 27001, which is the internationally recognized standard for information security management. ISO/IEC 27701 focuses specifically on privacy management within the context of an organization's overall information security management system.

The purpose of ISO/IEC 27701 is to help organizations establish, implement, maintain, and continually improve a privacy framework that aligns with applicable privacy laws and regulations. It provides guidance on the protection of personally identifiable information (PII) and other privacy-related information.

ISO/IEC 27701 outlines a set of controls and processes that organizations can adopt to manage privacy risks effectively. Some of the key areas covered by the standard include:

  • Privacy risk management: Establishing a systematic approach to identify, assess, and manage privacy risks associated with the processing of PII.

  • Privacy by design: Integrating privacy requirements and considerations into the design and development of products, services, systems, and processes.

  • Legal and regulatory compliance: Ensuring compliance with relevant privacy laws, regulations, and contractual obligations.

  • Data subject rights: Implementing mechanisms to address data subject rights, such as access, rectification, erasure, and objection.

  • Incident management and breach notification: Establishing procedures for handling and responding to privacy incidents, including breach notification obligations. If you use a cloud provider, you need a well-documented incident response program that covers that environment, whether it is AWS, Microsoft Azure, GCP, or another platform.

  • Supplier and third-party management: Assessing and managing the privacy risks associated with the use of suppliers and third parties who process PII on behalf of the organization. This is achieved by implementing a Third-Party Risk Management (TPRM) program.

By implementing ISO/IEC 27701, organizations can demonstrate their commitment to privacy management and build trust with stakeholders, including customers, partners, and regulatory authorities. It provides a framework for organizations to establish a comprehensive privacy management system and ensures that privacy considerations are embedded throughout their operations.

Talk to MorganHill today and Get the Answers You Need

Scope: We'll help you define important scoping parameters.

Documentation: We'll help you develop all required policies and procedures.

Guidance: We'll guide you through the ISO/IEC process from start to finish.

One Price: Our fees for all services are fixed.

Wherever you are in North America, Europe, Africa, or Asia, MorganHill is ready to assist.

Expertise: Since 2006, we have been an industry leader for ISO/IEC.

Knowledge: We've worked with every ISO/IEC standard currently in print.

Industry: We've worked in every major industry/sector.

Four months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommended to them.

Three months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommended to them.