ISO/IEC 27701: What it is?

ISO/IEC 27701:2019 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a PIMS (Privacy Information Management System). It does so through a set of requirements, control objectives and controls that integrate and extend those defined in ISO/IEC 27001:2013 for information security management.

Organizations that have already implemented an ISMS (Information Security Management System) according to ISO/IEC 27001 can use ISO/IEC 27701 to extend the scope of information security to privacy management, including the processing of personal data (PII, Personally Identifiable Information). The PIMS can then be used as evidence in demonstrating compliance with mandatory data protection legislation such as the GDPR (General Data Protection Regulation (EU) 2016/679; see Article 42, which provides for certification mechanisms). Note that an ISO/IEC 27701 certificate is not in itself a certification under Article 42, which requires a scheme approved by the competent supervisory authority or the European Data Protection Board.

Organizations that do not yet have an ISMS can implement ISO/IEC 27001 and ISO/IEC 27701 together, simply extending the requirements of 27001 and the guidance of its code of practice (ISO/IEC 27002): there is no need to build two separate management systems or to run two separate implementation projects.

ISO/IEC 27701 has been designed for use by any organization, whether it acts as PII controller or as PII processor. As with ISO/IEC 27001, the standard takes a risk-based approach: an organization that wants to achieve and maintain compliance must identify, assess and treat the specific risks to personal data processing and privacy to which it is exposed. The standard is applicable to all organizations, regardless of size or sector of activity.

In summary, ISO/IEC 27701 provides the requirements and guidelines for building, implementing, maintaining and continually improving a PIMS, whether the organization operates as a data controller or as a data processor.

SOURCE: FEDERPRIVACY