ISO/IEC 27701 is the international standard that serves as an extension to an ISO 27001/ ISO 27002 ISMS (information security management system). It provides guidelines for implementing, maintaining and continually improving a PIMS (privacy information management system).
Almost every organisation holds PII (personally identifiable information).
This standard is ideal for organisations wishing to implement a PIMS that supports their ISMS objectives and helps meet their data privacy compliance requirements, such as those stipulated by the EU’s GDPR (General Data Protection Regulation) and the UK’s DPA (Data Protection Act) 2018.
ISO/IEC 27701 supports an established ISMS aligned to ISO/IEC 27001, because it extends the requirements outlined in ISO/IEC 27001.
If you do not have an ISO 27001-compliant ISMS, we recommend you purchase BS 10012:2017 for your PIMS, as it doesn’t depend on an already-established ISMS.