ISO 27701 Certification

ISO 27701 certification allows data controllers and data processors to demonstrate compliance with a broad scope of privacy laws, such as GDPR and CCPA. An extension of ISO 27001 – one of the most widely accepted standards for information security management – ISO 27701 provides additional standards for implementing and maintaining a Privacy Information Management System (PIMS). By allowing you to satisfy multiple privacy requirements with one set of controls – and by providing a single framework to audit against – it can significantly streamline your compliance efforts.

360 Advanced ISO 27701 Services

Our ISO 27701 Certification Services

At 360 Advanced, we can help you achieve – and maintain – ISO 27701 certification.

Readiness Assessment

If you are implementing ISO 27701 for the first time, 360 Advanced can help you understand the requirements as they apply to your business. We can identify the standards that you are required to meet based on the types of data that you handle, then map these requirements to ISO 27701 controls. We can also identify any additional requirements that are not encompassed by the standard controls, and the conditions under which these requirements apply. From there, we can help you determine how your existing system compares to these standards, and which controls require remediation before your organization can become ISO-certified.

Audits

360 Advanced can formally audit your Privacy Information Management System against ISO 27001 standards, including the 27701 extension. If your PIMS meets the minimum requirements, we will issue a report validating certification. You can use this independent, third-party report to communicate your compliance efforts to regulatory bodies, stakeholders, customers, and business partners.

New to ISO 27701? Learn More about the Requirements.


ISO 27701 is designed to complement ISO 27001. Because ISO 27001 supplies the security controls that form an essential foundation for privacy efforts, ISO 27001 certification is a prerequisite for ISO 27701. However, ISO 27701 introduces new controls that are specific to controllers and processors of personally identifiable information.

ISO 27701 Privacy Requirements

Like ISO 27001, the ISO 27701 privacy framework does not require organizations to implement every control in every situation. Instead, compliance relies on a risk-based approach; you can apply relevant controls based on the way you use your information management system.

The framework prescribes different requirements for data processors and data controllers. However, common requirements for ISO 27701 certification include:

  • Employees who have access to personal data must sign a confidentiality agreement and complete a privacy awareness training program.
  • Organizations must have a public-facing privacy policy.
  • Organizations must complete a privacy risk assessment to identify potential threats.
  • Organizations must appoint a responsible individual for their governance and privacy program.
  • Organizations must have a documented incident response plan.
  • Organizations must keep a record of all activities and systems through which personal information is processed.
  • Organizations must implement appropriate mechanisms to accommodate individuals’ rights to access, correct, and erase their PII.
  • Data controllers must have documented agreements with data processors regarding the access and protection of PII.

How does ISO 27701 Relate to GDPR?

ISO 27701 sets the framework for compliance with a variety of regulations. The standards can be mapped to:

  • GDPR
  • ISO/IEC 29100
  • ISO/IEC 27018
  • ISO/IEC 29151

Mappings to other privacy standards, such as CCPA and HIPAA, are expected in the future, allowing organizations to demonstrate compliance with an even broader spectrum of privacy laws.

While many organizations use their ISO 27701 certification to communicate their GDPR compliance efforts, it is important to note that the certification is not currently recognized as an official GDPR certification. However, it may be considered a potential path to certification in the future.
