Build confidence within and outside your business with ISO 27701.
As an internationally recognised Standard, ISO 27701 demonstrates to staff, suppliers, contractors and customers that you have processes in place to help you comply with privacy laws when processing personal information or PII (personally identifiable information).
Based on the requirements of ISO 27001, it includes a set of privacy-specific requirements and controls that help you to create a Privacy Information Management System that will ensure your business is fully equipped to safely manage, process and control personal information.
ISO 27701 has been created as an extension to the Information Security Management Standard (ISO 27001) and specifically looks at the protection of privacy and how businesses manage personal information.
With a wider application compared to other Standards, such as BS 10012, it helps businesses to comply with multiple privacy regulations, such as the EU GDPR (General Information Protection Regulation).
It acts as an enhancement to ISO 27001, enabling businesses to put in place a system that will help them assess, react to, and reduce risks that are linked to the collection, management and processing of personal information. When combined in this way, the two Standards create a Privacy Information Management System (PIMS).
Protecting personally identifiable information (PII) is extremely important. Everyone now has the right to decide how their personal information is managed and organisations have a legal obligation to respond. Technology also makes it easier to transfer such information, making it more readily available – and vulnerable.
ISO 27701 strengthens confidence in a business’ privacy management both inside and outside the business, enhancing its reputation and helping it to avoid large fines for breaches.
ISO 27701 also brings the following benefits:
Unlike the UK-centric BS 10012, the international recognition of this Standard also means that it can help to ensure compliance in any geographic location. So, if your business is active across the globe, ISO 27701 will equip you with the right framework to meet all kinds of privacy laws.
The cost of ISO 27701 depends on several factors. These include your sector, annual turnover, and the number of offices and employees you have.
The price will also depend on whether you have already implemented and achieved certification to ISO 27001. This is because ISO 27701 is an extension of this Standard and the requirements for ISO 27701 go across eight different clauses and six annexes.
If you don’t already have an ISO 27001 information security management system in place, this does not mean you cannot achieve certification. You simply need to implement it at the same time as the ISO 27701, forming a combined ISO 27001/ISO 27701 management system.
To get an idea of price, add your details to our free quote calculator.
ISO 27701 has an Annex SL structure, which means it has a structure of 10 clauses that form the following requirements when grouped together.
ISO 27701 is designed as an extension to ISO 27001. This means that it cannot be implemented on its own. In order to become certified in ISO 27701, you will need to have either an existing ISO 27001 management system or implement ISO 27001 at the same time as ISO 27701.
ISO 27001 and ISO 27701 were designed to be integrated to create a Privacy Information Management System (PIMS). For this reason, you will only need to have one audit, which will involve one checklist. However, due to the additional checks that will need to take place, the audit will be slightly longer, typically around one-and-a-half days.
No, you don’t. However, if you do not have an existing ISO 27001 management system, you will need to implement it alongside ISO 27701. ISO 27701 was created as an extension to ISO 27001 so it cannot exist on its own.
No. However, through ISO 27701 and ISO 27001 you will be able to meet the privacy and information security requirements of the GDPR and other information protection regulations. It will help you to demonstrate that you have processes in place to protect the personal information you process and that you uphold information subjects’ rights, in line with the Regulation’s accountability principle.
ISO 27701 helps to build trust and confidence both within and outside your business. By having ISO 27701, you can reassure others that you know how to protect personal information and keep it safe. It can also help you to remain compliant to international privacy legislation, such as the GDPR, and it clarifies the roles and responsibilities of those who process and handle personal information.
This depends on whether you have an existing ISO 27001. If you do, the timeframe for implementing ISO 27701 is shortened as you already have an existing management structure and will be familiar with the ISO framework.
If you need to implement both ISO 27001 and ISO 27701 simultaneously, then the process will take a little longer as there are some additional processes that need to be created and implemented.
ISO 27701 is not a legal requirement but businesses that frequently process and store information should always ensure that they protect it and handle it correctly. Written by industry experts from around the world, ISO 27701 certification can inspire trust in your business from both internal and external stakeholders.
Both the EU GDPR and the UK DPA 2018 require organisations to ensure the privacy of the personal information they process by taking the appropriate measures. However, neither provides much guidance on what those measures should look like.
The ISO (International Organisation for Standardisation) and the IEC (International Electrotechnical Commission) have therefore developed this new Standard to provide that guidance.
Becoming certified in ISO 27701 builds confidence and trust among internal and external stakeholders. It shows that you have processes in place to protect personal information and that you have a framework that supports your compliance with privacy regulations. This can boost the reputation of your company, increase loyalty among staff members, suppliers and contractors, and give you international recognition.
If your ISO 27001 system was not created by QMS, we will need to assess the compatibility of the two systems before we are able to provide a quotation for certification. This is due to the unknown complexity of your existing system. To find out more, please give our Sales Team a call on 0333 344 3646 or send an email to sales@qmsuk.com.
Becoming certified to ISO 27701 is a straightforward process, whether you are adding it to your existing ISO 27001 system or are implementing both.
If you already have ISO 27001, the process will be a little quicker as you will already have some supportive frameworks in place. However, you will still go through the same three-step process as businesses that are implementing both Standards at once.
During the process, our consultant will also identify your business and team members as information controllers, processors or both. This will depend on whether you are the person (or business) who determines the purposes for which, and the way in which, personal information is processed, or the person (or business) who processes personal information on behalf of the information controller. This early classification will remove unnecessary complexity.
A QMS Consultant will visit your Organisation to review and document your current processes and procedures, highlighting any areas that do not meet the requirements of the Standard.
3 Step Certification
Now its time to make sure any required process or procedural changes are made, as highlighted in the Review. QMS can provide templates to assist you in doing this.
3 Step Certification
An Auditor must now visit your Organisation to check that the documented processed are being followed and that the necessary changes have been made. Once they are satisfied, you will be rewarded with your certification.
3 Step Certification
Once you have achieved certification the certification cycle will commence. This is made up of surveillance and re-certification audits, one of which must take place each year, around the anniversary of your certification. These visits confirm your continued compliance with the Standard and verify the validity of your certification.
Our digital management platform, QMS Connect, means that you can take control of your management systems at any time, in any place.
Equipped with simple navigation, real-time reporting and a collection of guides and videos to help you, QMS Connect is a secure and convenient platform for uploading and amending documents, assigning tasks and accessing a helpdesk ticketing system.
It also helps you engage your teams, capturing information that can hone your business decisions for more repeat customers and better customer satisfaction.
At QMS we are constantly updating our approach and process to meet the latest changes in how ISO 27701 works.
Take your information security systems up a notch and prove that your business knows how to keep personal information safe with a new management system. Introducing ISO 27701…
From 1 January we will no longer be a member of the EU, and this means that there will be changes when it comes to the way we handle personal data. To help you make sure you’re ready, take a look at our Brexit checklist.
COVID-19 is still far from being banished to the back of our minds, but with the dust settling on many hastily put-together remote working solutions, what should businesses do next to shore up their information security?
QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.
By continuing, you consent to the use of cookies in accordance with our Cookie Policy
