Home » ISO Certification » ISO 27701

ISO 27701

Privacy Information Management System

ISO 27701, also known as ISO/IEC 27701, is the global standard for Privacy Information Management Systems (PIMS), also known as the PIM system. Developed by ISO, it helps organisations to better protect sensitive customer and employee data, reduce the risk of security breaches and provide accountability for safeguarding privacy.

Get Started Today

Enter your details below to get started on
your journey to certification.

What Is ISO 27701?

ISO 27701 is the world’s first international standard focusing on Privacy Information Management Systems. It provides a comprehensive framework for organisations, regardless of size or complexity, to establish, maintain and enhance their PIMS based on ISO/IEC 27001 and 27002 guidelines. Prior certification to ISO/IEC 27001 is necessary.

By obtaining 27701 certification, organisations can:

• Implement best practices for managing and safeguarding personal information.
• Minimise the risk of data breaches or mishandling.
• Develop practical solutions to address privacy requirements.
• Become compliant with data protection regulations, including GDPR.
• Foster a culture of privacy and data security.

ISO 27701 certification offers a reliable framework for Personal Information Management Systems to safeguard Personally Identifiable Information (PII), reducing the risk of data breaches and ensuring compliance with relevant regulations.

What Are the Benefits of ISO 27701?

Enhanced security

Risk mitigation

Compliance assurance

Data protection

Competitive edge

Transparent process

Customer trust

Improved reputation

Efficient management

Employee awareness

Continuous improvement

Legal confidence

Key Requirements of ISO 27701

The ISO 27701 standard outlines a number of requirements that organisations must meet to demonstrate their commitment to information security and protection. These include:

Privacy risk assessment

Identify and assess information privacy risks associated with processing Personally Identifiable Information, including which users have access and storage methods.

Privacy policies & procedures

Develop comprehensive privacy policies and procedures aligned with ISO/IEC 27001 and legal regulations to best protect sensitive customer and employee data.

Privacy roles & responsibilities

Define roles and responsibilities related to privacy within the organisation across teams, ensuring only authorised access is given to select individuals to reduce informational risks.

Personal information asset management

Classify all information assets based on importance and sensitivity, and implement controls to protect them, including multiple layers of software and passwords.

Asset control for privacy

Restrict access to personal information and the PIMS to authorised personnel only to reduce the chances of ransomeware attacks and data breaches.

Privacy awareness training

Train and raise awareness among all employees in all departments regarding privacy and the protection of PII, including risks to watch out for and potential consequences.

Privacy incident response

Develop a privacy incident response plan to handle incidents effectively and quickly with as minimal interruption and impact to daily operations and your customers.

Monitoring & measuring privacy controls

Regularly and consistently collect data to measure the effectiveness and security of privacy controls and make efficient improvements as and when is necessary.

Why You Should Choose Amtivo

• Ireland-based team that understands your needs
• Five-star ratings, independently reviewed via Feefo
• A wide range of training courses to build your expertise
• Access to a global team with global resources

Get Started Today

Becoming Certified

STEP 1

STEP 2

STEP 3

STEP 4

STEP 5

Stage One The initial assessment determines if the mandatory requirements of the standard are being met and if the management system is capable of proceeding to
Stage Two.

Stage Two The second assessment determines the effectiveness of the system, and seeks to confirm that the management system is implemented and operational.

Recommendation for Certification At this point in the process we review any corrective actions taken to address findings raised at Stage 1 & 2. Certification may be recommended.

Certification Review & Decision The organisations files are reviewed by an independent and impartial panel and the certification decision is made.

Certification Achieved Successful certification is communicated to the client. Certificates are issued.

STEP 1

Stage One The initial assessment determines if the mandatory requirements of the standard are being met and if the management system is capable of proceeding to
Stage Two.

STEP 2

Stage Two The second assessment determines the effectiveness of the system, and seeks to confirm that the management system is implemented and operational.

STEP 3

Recommendation for Certification At this point in the process we review any corrective actions taken to address findings raised at Stage 1 & 2. Certification may be recommended.

STEP 4

Certification Review & Decision The organisations files are reviewed by an independent and impartial panel and the certification decision is made.

STEP 5

Certification Achieved Successful certification is communicated to the client. Certificates are issued.

Implementing ISO 27701

Elevating your Privacy Information Management System (PIMS) to meet ISO 27701 standards is a collective effort involving a variety of departments. Training courses are essential to prepare your teams and support them in understanding this certification. Amtivo offers a variety of ISO 27701 training courses, both online and face-to-face, to meet your needs. 

Our trainer-led courses are delivered by privacy information management experts, these courses cover implementation strategies, auditing techniques and continuous improvement practices.

ISO 27701 Training Course

• PIMS Workshop

Related Resources

ISO Buyer’s Guide

Download our ISO Buyer's Guide to read our expert tips and learn how you can simplify the certification process.

Learn More

Steps to ISO Certification

Our ISO Certification Guide provides a comprehensive introduction to the assessment process covering everything from pre-assessment to recertification audits.

Learn More

Certification Process

Download our free guide to learn the simple steps required to achieve certification and discover how the process works.

Learn More

See All Resources

Related Insights

ISO 27001 guide for beginners

Discover more about ISO 27001 and how an information security management system can benefit your organisation with our beginner's guide.

Learn More

What are the security issues in cloud computing?

Read our tips on how to address security issues in cloud computing, and how best to protect your organisation using cloud

Learn More

What is Big Data? Challenges and solutions

Understand Big Data and discover the solutions to issues that organisations can face. Learn how ISO 27001 can help your business.

Learn More

How to handle a subject access request (SAR)

Learn about the procedures and systems you need to handle a Subject Access Request – and the benefits of ISO 27001.

Learn More

See More Insights

ISO 27701 FAQs

What is ISO 27701:2019?

ISO 27701:2019 is the latest edition of the international standard. We assess and audit organisations in line with the most up-to-date ISO certification requirements.

What industries implement ISO 27701?

ISO 27701 certification is suitable for any organisation, large or small, in any sector. The standard is especially relevant where the protection of personal information is critical, such as in the financial, health, public and IT sectors. The standard is also applicable to organisations that manage high volumes of data or information on behalf of other organisations, such as data centres and IT outsourcing companies.

Do I need to be ISO 27001-certified first?

Companies must be certified to ISO 27001 Information Security Management System first before adding the ISO 27701 Privacy Information Management standard. The information security management standard is valid for three years and is subject to mandatory audits to ensure compliance.

When you become certified in ISO 27701, you don’t receive a physical certificate – your ISO 27001 certificate is updated to reflect this.

What is ISO 27001?

ISO 27001 is the international standard used by organisations worldwide to manage information security. It was first created by the International Organization for Standardization.

 

How long does ISO 27701 certification last?

ISO 27701 is valid for three years and is subject to mandatory audits to ensure compliance.

At the end of the three years, an organisation will be required to complete a reassessment audit to receive the standard for an additional three years.

Sign Up to Our Newsletter

Enter your details below to ensure you stay up to date with all the latest certification news and expert insights.

Related ISO Certifications

ISO 9001

Certification to ISO 9001 is one way to demonstrate to stakeholders and customers that you are committed and able to consistently deliver high quality products.

Learn More

ISO 14001

Want to better manage your environmental impact and lower costs? Amtivo offers comprehensive ISO 14001 certification, auditing and training.

Learn More

ISO 45001

Comply with occupational health and safety regulations and reduce insurance premiums with an ISO 45001 certification.

Learn More

ISO 50001

Reduce energy usage, lower operation costs and reduce your business's impact on the environment with an ISO 50001 Certification for energy management.

Learn More

ISO 13485

Ensure your medical device business is complying with industry regulation and effectively manage risk with Amtivo's globally recognised ISO 13495 certification.

Learn More

ISO 27001

Protect customer data, avoid security risks, demonstrate compliance and stay competitive with an ISO 27001 certification for your ISMS. Contact us for a free quote.

Learn More

ISO 27017

Boost cloud data security and comply with strict data regulations with an ISO 27017 certification.

Learn More

ISO 27018

An ISO 27018 certification helps secure Personally Identifiable Information (PII) data, protecting you from data breaches and lawsuits.

Learn More

ISO 20000-1

With an Amtivo ISO 20000-1 certification, your business can showcase its commitment to delivering satisfying and high-quality, yet cost-efficient, IT services.

Learn More

ISO 22301

Protect your business from disruption and disaster with an ISO 23001 certification from Amtivo.

Learn More

ISO 20121

An ISO 20121 certification for event sustainability management can help you reduce waste and energy usage, boosting your company reputation and delivering a competitive edge.

Learn More