What is ISO/IEC 27701?
ISO/IEC 27701 is the international standard for a Privacy Information Management System (PIMS). It’s a privacy extension to ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls.
It provides guidance and requirements on the protection of privacy, helping both personally identifiable information (PII) processors and PII controllers to put robust data processes and controls in place. This means you can demonstrate accountability for managing PII, instil trust and build strong business
What kind of organizations can benefit from ISO/IEC 27701?
ISO/IEC 27701 is ideal for all types and sizes of organizations that want to demonstrate that they take protecting personal information seriously.
Whether you’re a public or private company, government entity or not-for-profit organization, if your organization is responsible for processing PII within an information security management system, then ISO/IEC 27701 is for you.
Specific organizational roles include:
- PII controllers (including those who are joint PII controllers)
- PII processors