ISO/IEC 27701 Privacy Information Management
With the increased popularity of e-commerce and online electronic payments, massive amounts of data are generated every day. In response to public concerns over data leaks, authorities around the world are implementing regulations to secure private information.
ISO/IEC 27701 provides guidance for organisations on how to implement various controls for identifying and mitigating risk when processing and/or controlling personally identifiable information (PII). By fulfilling the requirements of the Standard, organisations demonstrate their ability to handle privacy information and show that they have controls in place with regard to the relevant privacy regulatory requirements, such as the General Data Protection Regulation (“GDPR”) in the European Union and the Personal Data (Privacy) Ordinance (“PDPO”) in Hong Kong.
Certification Standard
ISO/IEC 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002. The Standard specifies PIMS-related requirements and provides guidance for PII controllers and PII processors who are responsible and accountable for PII processing. It is applicable to all types and sizes of organisation, as long as they are PII controllers and/or PII processors processing PII within an Information Security Management System (ISMS).
Benefits of Certification
- Strengthens customers’ trust in the organisation’s ability to handle privacy information
- Provides transparency for stakeholders by helping to clarify their roles and responsibilities
- Showcases the organisation’s ability to establish controls to address the privacy regulatory requirements such as GDPR and PDPO
- Helps organisations to identify and mitigate risk more effectively by implementing rigorous privacy controls