ISO 27701 is an extension of ISO 27001 designed to manage privacy and Personally Identifiable Information (PII). Stacking an ISO 27701 certification on top of a 27001 certification is a powerful way for businesses to demonstrate heightened commitment to protecting data.
CompliancePoint partners with our customers throughout the entire ISO 27701 process, making it easier for them to achieve their certification goals. Our services can be customized to focus on your organization’s pain points and high-priority tasks. CompliancePoint’s ISO team comprises former ISO auditors and senior practitioners who truly understand the challenges our customers face with these initiatives. Partnering with CompliancePoint to secure your ISO 27701 certification will provide you with:
- Unbiased third-party support across the entire life cycle
- The expertise, processes, procedures, and technology roadmap required for certification
- Step-by-step support based on years of certification experience, customized to your organizational maturity
- Practical and pragmatic advisory services for navigating the challenges of certification
We are partners with Mastermind, a certification body accredited by the International Accreditation Service that specializes in auditing ISO standards. CompliancePoint and Mastermind work together to simplify the entire certification process for customers, from initial readiness assessments and policy development to the resulting certification audit.
Full Life Cycle Management
Identify
Gap Assessments
Our experts define and determine Privacy Information Management System (PIMS) scope, evaluate controls and policies, identify risks, and provide a roadmap for certification.
Mitigate
Advisory Services
Our experts implement the necessary policies, business processes and technology to prepare for a successful ISO 27701 certification.
Manage
Certification and Program Management
We support your organization during the audit, providing our expertise to help navigate the process successfully.
Once certified, we manage and maintain the PIMS to ensure compliance with ISO 27701 for future certifications.
Our Focus
Our ISO services are designed to get organizations certified against the ISO 27701 standard. CompliancePoint will work with you to achieve and maintain compliance with all 184 controls that fall into the five ISO 27701 control categories.
Security Management
Controls for creating and maintaining a security management system.
Information Security Incident Management
Controls for managing incidents that threaten data security.
Information Security Controls
Controls for protecting information from unauthorized access, use, disclosure, or destruction.
Information Security Risk Management
Controls for identifying, evaluating, and responding to data security risks.
Our Benefits
Objective & knowledgeable assessments
Proven techniques and strategies
Cost savings
No personnel certification costs
Target high-priority tasks
Access to cutting-edge tools & technology
No turnover
Security awareness training
Institutionalize your security processes
Control design & automation
Let us help you develop your ISO 27701 certification roadmap today.
Learn More About ISO 27701
The International Organization for Standardization (ISO) designed ISO 27701 to help organizations manage Personally Identifiable Information (PII) through the implementation of a Privacy Information Management System (PIMS). 27701 compliance will make it easier for businesses to meet the requirements of international and domestic privacy laws like the GDPR and CCPA.
To secure ISO 27701 certification, organizations must go through an audit performed by an accredited third-party certification body to determine whether their PIMS meets the standard’s requirements. Certification is valid for three years, but annual surveillance audits are required to verify that the organization continues to meet the requirements of ISO 27701.
Clauses 5-8 are mandatory and detail what is required of a PIMS to be in compliance with the standard.
Clause 5: PIMS-specific requirements related to ISO/IEC 27001
5.1 General
5.2 Context of the organization
5.3 Leadership
5.4 Planning
5.5 Support
5.6 Operation
5.7 Performance evaluation
5.8 Improvement
Clause 6: PIMS-specific guidance related to ISO/IEC 27002
6.1 General
6.2 Information security policies
6.3 Organization of information security
6.4 Human resource security
6.5 Asset management
6.6 Access control
6.7 Cryptography
6.8 Physical and environmental security
6.9 Operations security
6.10 Communications security
6.11 Systems acquisition, development, and maintenance
6.12 Supplier relationships
6.13 Information security incident management
6.14 Information security aspects of business continuity management
6.15 Compliance
Clause 7: Additional ISO/IEC 27002 guidance for PII controllers
7.1 General
7.2 Conditions for collection and processing
7.3 Obligations to PII principals
7.4 Privacy by design and privacy by default
7.5 PII sharing, transfer, and disclosure
Clause 8: Additional ISO/IEC 27002 guidance for PII processors
8.1 General
8.2 Conditions for collection and processing
8.3 Obligations to PII principals
8.4 Privacy by design and privacy by default
ISO 27701 contains six annexes that guide organizations on how to manage privacy information and implement controls to comply with the standard.
Annex A: PIMS-specific reference control objectives and controls (PII Controllers)
Annex B: PIMS-specific reference control objectives and controls (PII Processors)
Annex C: Mapping to ISO/IEC 29100
Annex D: Mapping to the General Data Protection Regulation
Annex E: Mapping to ISO/IEC 27018 and ISO/IEC 29151
Annex F: How to apply ISO/IEC 27701 to ISO/IEC 27001 and ISO 27002
10 Billion+ Records Audited
150+ Cases as an Expert Witness
2,500+ Companies Served
+86 Net Promoter Score - Our Customers Love Us!