ISO/IEC 27701 specifies requirements and provides guidance for establishing, implementing,
maintaining and continually improving a Privacy Information Management System (PIMS)
as an extension of ISO/IEC 27001 and ISO/IEC 27002 for privacy management. In addition,
it defines the PIMS-related requirements and guidance for PII controllers and PII processors
that hold responsibility and accountability for PII processing. It applies to organisations of all types and sizes,
including PII controllers and/or PII processors that process PII within an ISMS, including public and private companies,
government agencies and non-profit organisations.
Structure of the standard ISO/IEC 27701
The requirements of the standard are divided into the following four groups:
PIMS requirements related to ISO/IEC 27001 are outlined in Section 5.
PIMS requirements related to ISO/IEC 27002 are outlined in Section 6.
PIMS guidelines for PII controllers are outlined in Section 7.
PIMS guidelines for PII processors are outlined in Section 8.
The standard ISO/IEC 27701 also includes the following appendices:
Annex A PIMS-specific control objectives and controls (PII controllers)
Annex B PIMS-specific control objectives and controls (PII processors)
Annex C Mapping to ISO/IEC 29100
Annex D Mapping to the General Data Protection Regulation (GDPR)
Annex E Mapping to ISO/IEC 27018 and ISO/IEC 29151
Annex F How to apply ISO/IEC 27701 to ISO/IEC 27001 and ISO/IEC 27002
ISO/IEC 27701 extends ISO/IEC 27001 – Information security management systems and ISO/IEC 27002 – Security methods and means into the field of personal data management.
It is an international management system standard that provides guidance on the protection of personal information, including guidance on the management of personal data, and allows an organisation to demonstrate compliance with privacy requirements.