ISO 27701 Certification
Privacy Information Management System

ISO 27701 is designed as an extension to ISO 27001. This means that it cannot be implemented on its own. In order to become certified in ISO 27701, you will need to have either an existing ISO 27001 management system or implement ISO 27001 at the same time as ISO 27701.

ISO 27001 and ISO 27701 were designed to be integrated to create a Privacy Information Management System (PIMS). For this reason, you will only need to have one audit, which will involve one checklist. However, due to the additional checks that will need to take place, the audit will be slightly longer, typically around one-and-a-half days.

No, you don’t. However, if you do not have an existing ISO 27001 management system, you will need to implement it alongside ISO 27701. ISO 27701 was created as an extension to ISO 27001 so it cannot exist on its own.

No. However, through ISO 27701 and ISO 27001 you will be able to meet the privacy and information security requirements of the GDPR and other information protection regulations. It will help you to demonstrate that you have processes in place to protect the personal information you process and that you uphold information subjects’ rights, in line with the Regulation’s accountability principle.

ISO 27701 can be implemented by any organisation, whether you are a public or private company, government organisation or not-for-profit. It can help protect the privacy of information if your business has any part in controlling or processing personal information, and it can also help to ensure that you meet legal obligations when handling that information.

So, if you would like to give people both inside and outside your business confidence that you handle information correctly and keep it safe, an ISO 27701 can help you to form a robust Privacy Information Management System (PIMS).

The cost of ISO 27701 depends on several factors.

If you do not yet have an ISO 27001 management system, you will need to implement it alongside the ISO 27701.

If you already have an ISO 27001 management system, you will only need to buy the ISO 27701. The cost of this then depends on the size of your business, its complexity and some other factors.

To get a quote, use our free calculator or get in touch on 0333 344 3646 or email quote@qmsuk.com.

ISO 27701 helps to build trust and confidence both within and outside your business. By having ISO 27701, you can reassure others that you know how to protect personal information and keep it safe. It can also help you to remain compliant to international privacy legislation, such as the GDPR, and it clarifies the roles and responsibilities of those who process and handle personal information.

This depends on whether you have an existing ISO 27001. If you do, the timeframe for implementing ISO 27701 is shortened as you already have an existing management structure and will be familiar with the ISO framework.

If you need to implement both ISO 27001 and ISO 27701 simultaneously, then the process will take a little longer as there are some additional processes that need to be created and implemented.

ISO 27701 is not a legal requirement but businesses that frequently process and store information should always ensure that they protect it and handle it correctly. Written by industry experts from around the world, ISO 27701 certification can inspire trust in your business from both internal and external stakeholders.

Both the EU GDPR and the UK DPA 2018 require organisations to ensure the privacy of the personal information they process by taking the appropriate measures. However, neither provides much guidance on what those measures should look like.

The ISO (International Organisation for Standardisation) and the IEC (International Electrotechnical Commission) have therefore developed this new Standard to provide that guidance.

Becoming certified in ISO 27701 builds confidence and trust among internal and external stakeholders. It shows that you have processes in place to protect personal information and that you have a framework that supports your compliance with privacy regulations. This can boost the reputation of your company, increase loyalty among staff members, suppliers and contractors, and give you international recognition.

If your ISO 27001 system was not created by QMS, we will need to assess the compatibility of the two systems before we are able to provide a quotation for certification. This is due to the unknown complexity of your existing system. To find out more, please give our Sales Team a call on 0333 344 3646 or send an email to sales@qmsuk.com.