BS ISO/IEC 27701:2019
| Format (Paperback, Hardback etc) | A4 |
| Brand / Publisher | BSI |
Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines
What is this standard about?
In anticipation of the changing regulatory landscape and the need for a common set of concepts to tackle personal data protection, ISO and the IEC have developed this standard as a privacy extension to BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002. These two standards deal with requirements for an Information Security Management System (ISMS). BS EN ISO/IEC 27701 deals with how to establish and run a Privacy Information Management System (PIMS) that adds Personally Identifiable Information (PII) security protection to an existing ISMS.
Who is this standard for?
It applies to all types and sizes of organisations, including public and private companies, government entities and not-for-profit organisations. Within these, it applies specifically to:
- PII controllers (including those who are joint PII controllers)
- PII processors processing PII within an ISMS
Why should you use this standard?
Because it specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002 for privacy management within the context of the organisation.
It specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.
The standard can help organisations demonstrate compliance with GDPR and other data protection regulations globally by showing that the right measures have been taken to handle personal information, in a way that aligns with regulatory requirements.
Moreover, many organisations have implemented an ISMS based on BS EN ISO/IEC 27001 (and the guidance from BS EN ISO/IEC 27002). This standard provides a natural step for those clients by extending their current ISMS for privacy protection. It reduces complexity by having an integrated approach.
Finally, the standard helps create transparency between stakeholders and build trust between organisations; as such it also contributes to more effective and collaborative business agreements.
NOTE: To use BS ISO/IEC 27701 you need to have BS EN ISO/IEC 27001, since BS ISO/IEC 27701 extends the requirements in BS EN ISO/IEC 27001.
If you do not have BS EN ISO/IEC 27001, instead use BS 10012 for your Privacy Information Management System because it doesn't depend on BS EN ISO/IEC 27001.