ISO/IEC 27701

Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines

About ISO/IEC 27701

ISO/IEC 27701 extends the requirements and guidelines of ISO/IEC 27001 and ISO/IEC 27002 to include privacy information management. This standard provides a framework for organizations to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). It focuses on ensuring that organizations can manage personal data effectively, meet regulatory compliance requirements, and mitigate privacy risks. By integrating privacy management with existing information security practices, ISO/IEC 27701 helps organizations enhance their overall data protection strategies.

The standard covers various aspects of privacy management, including data collection, processing, storage, and disposal. It emphasizes the importance of transparency, accountability, and consent in handling personal data. Additionally, ISO/IEC 27701 provides guidelines for conducting privacy impact assessments, managing data breaches, and implementing privacy controls. Adopting this standard can help organizations build trust with stakeholders, demonstrate compliance with privacy regulations, and protect individuals' privacy rights in an increasingly data-driven world.

Type of Audit

  • Certification Audit

Advantages of ISO/IEC 27701

  1. Regulatory Compliance: Ensures adherence to global privacy regulations like GDPR, reducing legal risks and potential fines.
  2. Integrated Management: Expands your current information security system to incorporate privacy management, offering a unified approach to data protection.
  3. Enhanced Data Privacy: Boosts your ability to safeguard personal data and mitigate privacy-related risks effectively.
  4. Increased Trust: Strengthens confidence among customers, partners, and stakeholders by showcasing your commitment to privacy and security.
  5. Competitive Edge: Distinguishes your organization in the market, highlighting your dedication to protecting personal information.

Certification Audit Process

  1. Request for a Proposal
    1. A company interested in certifying against ISO/IEC 27701 requests a proposal from TUV NORD Thailand
  2. Certification Audit
    1. Stage 1: Documentation Review
    2. Stage 2: On-site Verification
  3. Issue of ISO/IEC 27701 Certificate
  4. Surveillance Audit 1 & 2 (within the next 2 years after the certificate is issued)
  5. Re-certification within the next 3 years after the certificate is issued.