ISO27701 (PIMS)

In recent times the privacy domain has become increasingly regulated. Privacy governance remains a complex endeavour, shaped by regulatory attention, evolving legislation worldwide and growing societal maturity.

ISO/IEC 27701:2019 is an extension to the international information security management standard, ISO/IEC 27001. By design, the standard aligns with ISO 27001 to extend an existing ISMS (information security management system) with additional requirements, enabling an organisation to establish, implement, maintain and continually improve its PIMS.

ISO 27701 provides guidance on protecting privacy, including how organisations should manage personal information and demonstrate compliance with privacy regulations worldwide, such as the GDPR (General Data Protection Regulation) and the Protection of Personal Information Act (POPIA).

ISO 27701 is intended for:

  • Organisations looking for general information about privacy information management
  • Organisations implementing, or considering improving, a PIMS

In conclusion, ISO 27701 is a widely applicable standard and an internationally acknowledged framework that can help integrate privacy governance into risk management practices. In this respect, ISO 27701 might serve as the basis for a potential GDPR or POPIA certification framework.

The Challenges Of ISO27701

Regulatory Governance
The GDPR, POPIA and other privacy regulations require organisations to implement measures to ensure personal data privacy.

Regulatory frameworks
The GDPR, POPIA and other privacy regulations require privacy assurance. However, there is no standardised framework mandated to satisfy regulation.

The Benefits Of ISO27701

Compliance with Data Protection Regulations
ISO 27701 provides an ideal mechanism for demonstrating compliance with the GDPR, POPIA and the privacy regulations of other jurisdictions. By complying with the controls of ISO 27701, you can demonstrate assurance of compliance.

Trust with Stakeholders and third parties
The standard can help build trust with stakeholders (customers, partners and shareholders) by demonstrating your organisation's commitment to protecting personally identifiable information (PII).

Suitable for all organisations
ISO 27701 is versatile. It can be used by any organisation in any industry.

What needs to be assessed

Core focus areas for evaluation during the assessment:

Why choose Securicentrix for ISO27701?

Securicentrix is a CREST-accredited and award-winning provider of penetration testing services. Our ethical hacking engagements, including network penetration testing and web application testing, help organisations meet PCI DSS penetration testing requirements by identifying weaknesses that could allow card payment details to be compromised by criminal attackers.

Our services

SecuriCentrix's security services are designed to provide the vital assistance needed to make tangible improvements to your organisation's cyber security posture.

Security Validation

Expert security services and solutions tailored to your needs