BS EN ISO/IEC 27701 is the world’s first global privacy standard. It is a privacy extension to ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls.
An international management system standard, it is a document that provides guidance on the protection of privacy, including how organizations should manage personal information, and assists in demonstrating compliance with privacy regulations around the world.
BS EN ISO/IEC 27701 offers a framework for Personally Identifiable Information (PII) controllers and processors to protect collected personal data. It sets out a programme to establish, implement and maintain a Privacy Information Management System (PIMS), as an extension to a BS EN ISO/IEC 27001 Information Security Management System (ISMS).
Take an in-depth look at how this standard can help your organization to manage personal information by reading our Privacy Matters Whitepaper.
As requirements for data protection toughen, BS EN ISO/IEC 27701 can help your business manage its privacy risks with confidence.
By implementing BS EN ISO/IEC 27701 in your organization, your business can benefit from:
What’s more, an organization complying with the requirements of the standard will generate documentary evidence of how it handles the processing of PII. Such evidence can be used to facilitate agreements with business partners where the processing of PII is mutually relevant.
Discover how Risk Evolves benefitted from their implementation of BS EN ISO/IEC 27701 by reading our case study here.
Whatever business you’re in today, you’re in the data privacy business. BS EN ISO/IEC 27701 can be used by all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.
It provides guidance for organizations who are responsible for Personally Identifiable Information (PII) processing within an information security management system (ISMS), specifically:
Its guidance should be followed by anyone who comes into contact with personal data.
ISO/IEC 27701
EN ISO/IEC 27701:2021
ISO/IEC 27701:2019