
ISO/IEC 27701 Privacy Information Management System


ISO/IEC 27701:2019 guides organizations that want to set up systems to support compliance with GDPR, DPA and other data privacy requirements.

ISO/IEC 27701:2019 is a data privacy extension of ISO 27001. It guides organizations that want to set up systems to support compliance with GDPR, DPA and other data privacy requirements. The ISO/IEC 27701 Privacy Information Management System (PIMS) provides guidance for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy.

The ISO/IEC 27001 Information Security Management System standard ensures the confidentiality, integrity and availability of information as well as legal compliance. More than 70,000 organizations worldwide have been ISO/IEC 27001 certified to date, proving that certification is an essential part of protecting your most vital assets.

We offer a comprehensive third-party audit service that assesses your current compliance and identifies potential areas for continuous improvement. CFECERT provides expertise and experience in ISO/IEC 27701 audits to ensure our clients receive comprehensive, careful, supportive and consistent audits.

ISO/IEC 27701 cannot be accredited alone!

Since ISO/IEC 27701 is a privacy extension of ISO/IEC 27001, a certification body must audit both standards, so both accreditations must be from the same certification body.

You should already have ISO/IEC 27001 certification, or you should be accredited for both standards together.

Who should use ISO/IEC 27701?

ISO/IEC 27701 applies to organizations of all types and sizes, including public and private companies, government agencies and non-profits.

It provides guidance for organizations responsible for processing Personally Identifiable Information within the information security management system.

 

Who might they be?

  • Healthcare organizations,
  • Organizations providing education services,
  • Organizations providing software services,
  • Organizations providing travel services,
  • Organizations providing consultancy services,
  • Organizations that provide customer service,
  • Organizations providing call centre services,
  • Organizations providing transportation and cargo services

Differences between ISO/IEC 27001 and ISO/IEC 27701

ISO/IEC 27001 deals with Information Security and the Information Security Management System. Information Security is concerned with the way an organization keeps data precise, accessible, and available only to approved employees.

ISO/IEC 27701 deals with Privacy and the implementation of a Privacy Information Management System. Data Privacy relates to the way an organization collects personal and private data and prevents unauthorized disclosure.

The certification audit consists of 2 stages.

The duration of the audit is determined according to the size of your organization, the number of locations and the scope of your certification.

Want to implement an ISO/IEC 27701 management system? Not sure where to start? You can contact us at certification@cfecert.co.uk.

Our accredited certification services under the management of expert auditors:

  • ISO/IEC 27001 Information Security Management System,
  • ISO/IEC 27701 Privacy Information Management System,
  • ISO 27799 Information Security in the Health Sector,
  • ISO 22301 Business Continuity Management System,
  • ISO/IEC 20000 Information Technology Service Management System,
  • ISO 9001 Quality Management System,
  • ISO 37001 Anti-Bribery Management System

We have made 3500+ people more valuable to their companies and industry.

Experienced employees make the companies they work for safer, increase business continuity and reduce future risks.

We offer hundreds of training courses under the following headings:

  • Privacy and Data Protection,
  • Quality and Service Management,
  • Governance, Risk and Compliance,
  • Business Continuity and Recovery,
  • Information Security,
  • Automotive Industry,
  • Health Service,
  • Self-improvement