ISO/IEC 27701:2019 Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines
The standard ISO/IEC 27701 specifies the requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS), in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
Essentially, the standard specifies requirements for the Privacy Information Management System and provides guidance on the responsibilities and obligations of PII Controllers and PII Processors that process PII (Personally Identifiable Information) within an Information Security Management System.
General responsibilities of PII Controllers and PII Processors, such as setting the conditions for data collection and processing, privacy by design and by default, obligations to PII principals, and records of processing activities, are consolidated, among others, into a management framework whose ultimate objective is to safeguard personally identifiable information and protect data subjects' rights.
Implementation of, and certification against, ISO/IEC 27701 contributes, among other things, to:
• building trust in the management of personal data
• ensuring transparency between stakeholders (business partners and data subjects)
• securely tracking the terms of cooperation agreements and privacy policies
• clearly identifying roles and responsibilities in the management chain
• supporting compliance with the regulatory framework
• facilitating the implementation of the requirements of the ISO 27001 standard
• promoting the continuous improvement of the operation of the business