ISO 27701:2019 is a privacy extension to the ISO 27001 Information Security Management System (ISMS) and its ISO 27002 controls, designed specifically to address privacy information management.
It provides a framework for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). ISO 27701 helps organisations manage personal data (Personally Identifiable Information, PII) in line with privacy regulations such as the EU GDPR and South Africa's POPIA.
Key Components of 27701
- Privacy Framework: Extends ISO 27001 by adding requirements and guidelines specifically related to the protection of PII.
- Roles and Responsibilities: Establishes clear responsibilities for PII controllers and PII processors (the standard's terms for data controllers and data processors) so that each party's privacy obligations are defined and met.
- Privacy Risk Management: Integrates privacy risk assessments into the existing ISMS to manage risks associated with the processing of personal data.
- Privacy Notices and Consent Management: Helps organisations create transparent privacy notices and manage data subjects’ consent effectively.
- Data Subject Rights: Ensures procedures are in place to address the rights of data subjects, such as the right to access, correct, or delete their personal data.
TotalCert Consulting’s Services for ISO 27701:2019
Gap Assessment
- We begin by conducting a Gap Analysis to identify where your current information security and privacy practices diverge from the requirements of ISO 27701.
- This helps in understanding the areas needing improvement to meet the standard’s requirements.
Implementation Support
- Policy and Procedure Development: We assist in developing policies and procedures to meet ISO 27701 requirements. This includes privacy impact assessments, data subject rights procedures, and privacy policy updates.
- Risk Assessment and Treatment: Our team helps integrate privacy risk assessments into your existing ISMS, providing a comprehensive approach to managing risks associated with personal data processing.
- Roles and Responsibilities: We work with your team to clearly define the responsibilities of data controllers and processors, ensuring accountability.
Training
- Awareness Training: We offer training sessions to create awareness of privacy obligations among your staff.
- Lead Auditor Training: For organisations aiming to build internal audit capabilities, we provide lead auditor training focused on ISO 27701 and ISO 27001, ensuring effective internal audit processes.
Internal Audit and Readiness Review
- We conduct internal audits to evaluate your organisation’s compliance with ISO 27701 before the external certification audit. This helps identify and rectify any issues in advance.
- Our auditors prepare detailed audit reports with actionable recommendations to ensure a successful certification process.
External Audit Facilitation
- Audit Coordination: We coordinate the external audit with a globally recognised and accredited certification body, ensuring a smooth process.
- Certification Audit Support: Our experts work closely with your team during the external audit to address any questions or issues raised by the auditors.
Certification and Beyond
- Accredited Certification: We facilitate the certification process through certification bodies accredited under the International Accreditation Forum (IAF), ensuring your certification is recognised globally.
- Ongoing Compliance Support: Post-certification, we offer ongoing support to help your organisation maintain compliance. This includes periodic reviews, updates to policies, and continuous improvement measures.
Project Timeline
The typical timeline for ISO 27701 implementation and certification ranges from three and a half to four and a half months, depending on the organisation’s size, complexity, and availability of resources to complete the required steps. This includes the gap analysis, documentation development, training, internal audits, and certification.
Certification Bodies
At TotalCert Consulting, we partner only with globally recognised certification bodies accredited under the IAF.
This ensures that your ISO 27701 certification is credible and meets international standards.
Why Choose TotalCert Consulting for ISO 27701:2019?
Expertise in Privacy and Information Security
Our team of experienced consultants and lead auditors is well-versed in both information security (ISO 27001) and privacy management (ISO 27701), providing a holistic approach.
Tailored Implementation
We tailor our implementation strategies to fit your organisation’s unique needs, ensuring the PIMS is practical and effective for your specific business context.
Complete Guidance
From the initial gap analysis to the issuance of the certificate, we provide complete support, making the journey to certification smooth and straightforward.