
ISO 27701 Privacy Information

ISO 27701 (Privacy Information Management System) Overview

ISO/IEC 27701 is the first international standard for a Privacy Information Management System (PIMS). It is an extension of ISO/IEC 27001: it adds the requirements, objectives, and controls needed to establish, implement, maintain, and continually improve a PIMS on top of an existing Information Security Management System (ISMS).
ISO 27701 is an important step in protecting personal information. It gives organizations practical guidance on how to handle personal data, which supports compliance with applicable regulations such as the GDPR (the European Union's General Data Protection Regulation) while protecting PII (Personally Identifiable Information).
Because ISO 27701 is built on ISO 27001 and ISO 27002, it extends their requirements and guidelines with privacy-specific considerations for the security topics that PII processing affects, in addition to information security as such. In practical terms, wherever ISO 27001 or ISO 27002 uses the term "information security", ISO 27701 reads it as "information security and privacy".
ISO 27701 (Privacy Information Management System) Features and background
Organizations increasingly need guidance on how to manage and process data so as to reduce the risks to personal information in rapidly changing environments. ISO 27701 was developed against this background: an internationally recognized standard that specifies how an organization should manage the personal information it holds and that helps it comply with the many privacy regulations being introduced and updated around the world.

ISO 27701 (Privacy Information Management System) Contents

No. Title
4 General
4.1 Structure of this document
4.2 Application of ISO/IEC 27001:2013 requirements
4.3 Application of ISO/IEC 27002:2013 guidelines
4.4 Customer
5 PIMS-specific requirements related to ISO/IEC 27001
5.1 General
5.2 Context of the organization
5.3 Leadership
5.4 Planning
5.5 Support
5.6 Operation
5.7 Performance evaluation
5.8 Improvement
6 PIMS-specific guidance related to ISO/IEC 27002
6.1 General
6.2 Information security policies
6.3 Organization of information security
6.4 Human resource security
6.5 Asset management
6.6 Access control
6.7 Cryptography
6.8 Physical and environmental security
6.9 Operations security
6.10 Communications security
6.11 Systems acquisition, development and maintenance
6.12 Supplier relationships
6.13 Information security incident management
6.14 Information security aspects of business continuity management
6.15 Compliance
7 Additional ISO/IEC 27002 guidance for PII controllers
7.1 General
7.2 Conditions for collection and processing
7.3 Obligations to PII principals
7.4 Privacy by design and privacy by default
7.5 PII sharing, transfer, and disclosure
8 Additional ISO/IEC 27002 guidance for PII processors
8.1 General
8.2 Conditions for collection and processing
8.3 Obligations to PII principals
8.4 Privacy by design and privacy by default
8.5 PII sharing, transfer, and disclosure

ISO 27701 (Privacy Information Management System) Benefits and Rationale for Adoption

  1) Personal information protection and trust building.
     All stakeholders, including clients, employees, and regulators, expect organizations to take better action to protect information and personal data. ISO 27701 certification is an independent, impartial attestation of an organization's commitment to privacy and to best practice. It helps build trust with those stakeholders and can provide a competitive advantage.

  2) Support for compliance with laws and regulations.
     ISO 27701 certification on its own does not confirm that an organization complies with the GDPR (General Data Protection Regulation) or any other privacy law; it is not a legal certification. It does, however, provide a logical and effective framework that an organization can use to structure and demonstrate its efforts to comply with the various privacy laws and regulations that apply to it.

  3) Building a more systematic, integrated management system.
     ISO 27701 cannot be certified in isolation: the organization must either already hold ISO 27001 certification or be audited against both standards together in a single integrated audit. An integrated system that conforms to both ISO 27001 and ISO 27701 demonstrates a systematic information security and privacy management system that can adequately handle changing requirements and expectations around privacy management.

The U.S. Certification Body continually strives to satisfy its clients by retaining sincere and experienced auditors, so that domestic and foreign companies can implement the internationally recognized ISO 27701 standard. Through the ISO 27701 program of the U.S. Certification Institute, an organization can raise its international profile, open up global markets, and improve the marketability and perceived reliability of its products by meeting the standard's requirements.