ISO 27701

ISO (International Organization for Standardization)
ISO 27001 and ISO 27002 extension
Privacy management

You know that privacy has become a society-wide need that affects all sectors of activity.

You want to be able to confidently manage the privacy risks of the data your organization holds or processes.

You need to show your teams that privacy is not just the responsibility of data managers or IT departments, but of everyone who interacts with personal data.

You are looking for a simple and effective way to establish consistent data-processing practices across your whole organization.


What is ISO 27701?

ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 and ISO/IEC 27002. The aim of this standard is to enhance the existing Information Security Management System (ISMS) with additional requirements, in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).  

ISO is an independent, non-governmental international organization with a membership of 165 national standards bodies. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards that support innovation and provide solutions to global challenges.

ISO/IEC 27701 outlines a framework for Personally Identifiable Information (PII) Controllers and Processors to manage privacy controls and so reduce the risk to the privacy rights of individuals. The standard is intended to be a certifiable extension to ISO/IEC 27001 certification: an organization planning to seek ISO/IEC 27701 certification will therefore also need to hold an ISO/IEC 27001 certification.

This solution will help you to fulfill the requirements of ISO/IEC 27701 and, moreover, to stay compliant with it.

Use our software solution to prepare for ISO 27701 certification

Implementing a privacy information management system (PIMS) requires an information security management system to be in place first, which is then extended to cover privacy. Organizations therefore need to study their systems and processes and then implement the corresponding controls.

1. Managing responsible governance for compliance with your structure

  • Ready to use or fully customizable: be operational in one to thirty days.
  • Friendly interfaces.
  • Coverage of all your current and future compliance needs.
  • Step-by-step guidance, adapted from beginner to expert.
  • Unlimited users.
  • Tutorials for self-learning the solution.
  • Premium online support.
  • A global and instantaneous view of the state of data compliance in the information system and compliance with ISO 27701 requirements.
  • Performance indicators.
  • Dashboards and custom reports.
  • Harmonized working methods.

2. Identifying your compliance with the requirements for your structure

  • Clarify complexities by reconciling requirements, checkpoints and compliance actions common to your obligations.
  • Pre-identification of requirements applied by granularity (Organization, Subcontractor, …).
  • Proof of compliance, or of non-applicability, required for each requirement point.
  • Collaborative audits and controls.

3. Creating and prioritizing actions to be carried out if non-compliant

  • A structured, intuitive and collaborative framework for continuous improvement.
  • Single entry.
  • Automated action plan with pre-populated, modifiable recommendations.
  • Managing collaborative compliance actions.
  • Action accountability.

4. Risk management with a reviewed and regularly updated best practices guide

Implementation guide provided for each requirement point

5. Compliance Documentation to Prove Your Compliance

Mandatory documentation as part of the implementation and certification.

  • Building an evidence base for the audit and/or certification track.
  • Documentary Management Centre.
  • Consistency of documentation.

6. Training and Awareness

Team training, with an integrated training register.

7. Compliance Controls and Audits

  • Preparing your audits and/or certification.
  • Collaborative questionnaires.
  • Automatic analysis of results.
  • Guidance in preparing for your certification.

NB: ISO 27701 includes both ISO 27001 requirements and ISO 27002 compliance measures. It is accredited by SGS. It should be noted, finally, that the text of the standard and its rights of use are not provided and can be purchased separately.

Smart Global Governance solutions can be enabled independently of each other depending on the level of compliance you want to address.

Additional benefits

Smart Global Governance is the operational software solution to automate key processes in Ethics, Compliance and Controls. It can be used for implementation and compliance management with all local and international regulations as well as internal controls and procedures.