WHAT IS IT
The ISO/IEC 27701 standard is part of the ISO/IEC 27001 series of standards and defines advanced controls for the management of privacy and Personally Identifiable Information (PII).
It clarifies how to "improve" (adapt and extend) an ISO/IEC 27001 system in the context of both information security risks and risks associated with the processing of PII, including risks to PII principals.
Being a set of guidelines, the ISO/IEC 27701 standard is therefore not certifiable on its own.
Nonetheless, as envisaged by the Accredia circular, it is possible to obtain an integration of an existing ISO/IEC 27001 certificate, provided it is issued by a recognized certification body, such as CSQA.
Integration with ISO/IEC 27701 is intended to demonstrate the company's ability to ensure data protection.
CSQA is accredited by ACCREDIA .
KEY POINTS
The standard provides guidance for the protection of personal information that varies according to the context of the organization, particularly where national laws and/or regulations exist. ISO/IEC 27001 requires that this context be understood and taken into account.
ISO/IEC 27701 includes mapping to the privacy framework and principles defined in ISO/IEC 29100.
- It helps service providers address applicable legal obligations as well as customer expectations.
- It facilitates the making of agreements with business partners where the treatment of PII is mutually relevant.
- It improves the transparency and credibility of the activities carried out.
- It increases customer trust.