ISO 27701 Additional Services

At MorganHill, we specialize in offering a wide range of services relating to ISO 27701, the international standard designed to help organizations establish, maintain, and continually improve a Privacy Information Management System (PIMS). A PIMS serves as a framework for maintaining and improving privacy governance and data protection, which includes not just technological measures but also operational processes, human resources, policies, and legal measures.

Additional services offered by MorganHill for ISO 27701 include the following:

Data Mapping and Classification

  • Data Inventory and Mapping: Assist in identifying and classifying types of personal data processed by the organization.

  • Data Flow Analysis: Examine how personal data flows within the organization and identify any potential vulnerabilities.

 

Policy and Procedure Development

  • Policy Creation: Assist in drafting privacy policies compliant with ISO 27701.

  • Procedure Guidelines: Develop detailed procedures and work instructions related to the handling of personal data.

 

Legal and Regulatory Compliance

  • Legal Requirements: Provide guidance on legal obligations related to data protection and privacy.

  • Regulatory Mapping: Align ISO 27701 efforts with other compliance requirements such as GDPR, CCPA, or HIPAA.

 

Training and Awareness Programs

  • Employee Training: Conduct employee training on privacy principles and practices.

  • Management Training: Offer specialized training for management to understand the implications and responsibilities related to ISO 27701.

 

Internal Audits

  • Audit Planning: Help in planning and scheduling internal audits for privacy management.

  • Audit Execution: Conduct internal audits to assess compliance with ISO 27701.

  • Audit Reporting: Provide detailed reports of audit findings along with recommendations for improvement.

 

Documentation and Record-keeping

  • Document Management: Advise on the creation, maintenance, and secure storage of essential privacy-related documents.

  • Record-keeping Strategy: Develop and implement record-keeping practices for tracking privacy activities and demonstrating compliance.

 

Certification Support

  • Preparation for External Audit: Assist in preparing the organization for the external certification audit.

  • Certification Guidance: Offer advice on selecting a certification body and guide through the certification process.

  • Remediation Support: Assist in addressing any gaps or issues identified during the certification audit.

 

Post-Certification Services

  • Continuous Monitoring and Improvement: Help establish mechanisms for ongoing monitoring, reporting, and continuous improvement of the PIMS.

  • Recertification Support: Provide ongoing support for maintaining ISO 27701 certification, including preparation for recertification audits.

 

Vendor Management

  • Third-party Assessment: Evaluate third-party vendors for their compliance with privacy standards.

  • Vendor Risk Management: Develop strategies for managing privacy risks associated with third-party vendors.

By employing a range of these services offered by MorganHill, organizations can navigate the complex landscape of privacy management effectively and achieve ISO 27701 certification, thereby demonstrating their commitment to privacy and data protection. 


MorganHill also offers industry-leading services for ISO 27001, 22301, 9001, 14001, and 45001.


Additionally, we offer a wide range of regulatory compliance services, along with other specialty services. Furthermore, we offer world-class ISMS security documentation and other specialty documents for today’s growing cybersecurity and data privacy reporting requirements.

Health Technology Case Study

Four months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommend to them.

Cybersecurity Case Study

Obtained ISO 27001 certification from an accredited ISO ANAB body that I recommend to them.

Manufacturing Case Study

Four months after completing all necessary pre-certification work, the organization obtained ISO 27001 certification from an accredited ISO ANAB body that we recommend to them.

Healthcare Case Study

Three months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommend to them.

Talk to MorganHill today and Get the Answers You Need

Scope: We'll help you define important scoping parameters.

Documentation: We'll help you develop all required policies and procedures.

Guidance: We'll guide you through the ISO/IEC process from start to finish.

One Price: Our fees for all services are fixed.

Wherever you are in North America, Europe, Africa, or Asia, MorganHill is ready to assist.

Expertise: Since 2006, we have been an industry leader for ISO/IEC.

Knowledge: We've worked with every ISO/IEC standard currently in print.

Industry: We've worked in every major industry/sector.

Why Morgan Hill?

Since 2006, a Global Leader in ISO/IEC Advisory Solutions.
A True Footprint all around the World.

Respected. Recognized. Resourceful.