    ISO/IEC 27701:2019 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management

    ISO/IEC 27701:2019 was created to complement the widely used ISO/IEC 27001:2022 and ISO/IEC 27002:2022 Information Security Management standards.

    This recently published standard offers guidance for businesses wishing to set up infrastructure to enable GDPR (General Data Protection Regulation) and other data privacy regulations.

    ISO/IEC 27701:2019, also known as The Privacy Information Management System (PIMS), provides a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy.

    To comply with the General Data Protection Regulation (GDPR), ISO/IEC 27701:2019 establishes a strong integration point for coordinating security and privacy controls. This integration is achieved through a framework for managing personal data that can be used by both data controllers and data processors.

    What is ISO/IEC 27701:2019?

    Why does an Organisation need ISO/IEC 27701:2019?

    What are the Benefits of Implementing ISO/IEC 27701:2019?

    How do I Implement ISO/IEC 27701:2019 in an Organisation?

    Why Choose WWISE to Assist your Organisation:

    Guideline Conformance Process:

    What is ISO/IEC 27701:2019?

    ISO/IEC 27701:2019 is a privacy extension to the ISO/IEC 27001:2013 Information Security Management and ISO/IEC 27002:2013 Security Controls Standards. It provides guidance on the protection of privacy, including how organizations should manage personal information, and assists in demonstrating compliance with privacy regulations around the world.

    ISO/IEC 27701:2019 sets out the requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

    Why does an Organisation need ISO/IEC 27701:2019?

    This Standard is relevant to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations. It provides guidance for organizations that are responsible for Personally Identifiable Information (PII) processing within an information security management system (ISMS). Organizations that fulfil the requirements of the Standard will generate documented evidence of how they handle the processing of personal information. It will also promote relationships with all interested parties.

    Where organizations fail to protect people’s personal information, that breach of trust is likely to have significant, long-term, negative reputational impacts. As such, the introduction of ISO/IEC 27701 seems very timely and necessary. This Standard builds on the existing framework, providing a robust and relatively straightforward way of developing an internationally recognized approach to managing personal data.

    What are the Benefits of Implementing ISO/IEC 27701:2019?

    • Clarifies roles and responsibilities,
    • Supports compliance with privacy regulations,
    • Provides transparency for interested parties,
    • Builds trust in managing any personal information kept,
    • Assists with effective business agreements,
    • Can be easily integrated with ISO/IEC 27001:2013,
    • Strategic governance, and
    • Privacy compliance.

    How do I implement ISO/IEC 27701:2019 in an organisation?

    ISO Consulting and Implementation:

    We have a range of professional Consultants, Engineers, and registered Auditors to assist in implementing and maintaining any ISO Management System. Our industry expertise includes services, telecommunication, manufacturing, construction, engineering services, fast-moving consumer goods, mining, power generation, state-owned companies, and government-run organisations. A good Consultant takes the time to truly understand the processes of your organisation.

    Therefore, they can approach the implementation of ISO requirements accordingly. The cost of hiring a Consultant and the time spent to implement your ISO Management System will definitely pay off in the long run.

    WWISE has a 4-Phase Approach:

    • Phase 1: Gap Analysis Audit and Information Gathering
    • Phase 2: ISO Documentation, Risk Assessment, and Process Mapping
    • Phase 3: Implementation and Coaching
    • Phase 4: Certification

    WWISE provides a turnkey solution which includes templates, one-on-one coaching, on-the-job training, and mentorship. As a consulting firm, we do not provide certification services. However, we will guide you through the certification process and ensure that your organisation becomes certified.

    Why Choose WWISE to assist your organisation?

    An organisation can implement the standard; however, it cannot get certified, as this is a guideline standard.