ISO 27701:2019 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO 27001 for privacy management.
ISO 27701 is relevant for controllers and processors of personally identifiable information (PII) and is fully aligned with GDPR.
This add-on is designed to upgrade Instant 27001 to function as a PIMS, by providing:
- 6 additional requirements for existing ISO 27001 clauses (chapters 4 through 10)
- 33 implementation guidelines for existing ISO 27001 Annex A controls
- 18 additional controls for data processors (Annex B)
- 31 additional controls for data controllers (Annex C)
- Implementation instructions for all additional controls
- Sample policies and a processing register for all controlling and processing activities
- For each control, an indication of how much extra work it imposes on organizations that already have Instant 27001 in place
Add-ons are delivered as a separate Confluence space backup. They can be merged into Instant 27001 using the provided instructions.