Overview
ISO 27701 provides specifications and guidance for including personally identifiable information (PII) in the implementation of an information security management system. It is referred to as ‘Privacy information management system’. ISO 27701 extends the requirements of ISO/IEC 27001 to take into account the protection of privacy of PII principals as potentially affected by the processing of PII, in addition to information security.
We have a formal methodology to fulfil and implement privacy information management system.
The standard requirements can be used by organizations to implement ISO 27701 as an independent assessment or an extension of an existing ISO 27001/ISO 27702 certification.
After we have identified whether an organisation is a controller and/or a processor, we guide an organisation through a step-by-step process of determining applicable requirements and taking them through the journey.
Phases of Consultancy
Know your Business Objective rather know you
- What you do?
- How do you do?
- What do you use?
- How much automation is involved?
- Strive to Map is with the standard requirement
Context & Risk assessment along with Gap Analysis
- Know your interested parties, internal and external issues
- Assess business risk and recommend treatment
- Roadmap to bridge the identified gaps
Define Management System (Reverse Engineering)
- Upgrade what you have
- Translate your business practices into compliance-speak with easy-to-use Process & templates
- A very slim set of policies, procedures, template and guideline
Training workshop
- InfoSec Awareness
- Risk Management
- Process Owner’s training
Performance Monitoring
- What is your pain area?
- Where do you expect improvement?
- Define Performance Objective
- Derive Performance
- Analyse Trend
Program Management
- Progress monitoring
- Status overview to Management
- Continuous Record review
- Facilitation to Process Owners
Internal Audit
- Internal Audit to ensure readiness
- NC closure and trend analysis
External Certification Support
- Identify right Certification partner
- Collaboration
- Guidance for NC closure (If any)
- Be there to Celebrate Success
Related Services
ISO 27001/ISO 27002 - Information Security (ISMS)
Ensuring Information Security is defined, implemented, measured and audited in products, services and processes, resulting in business protection and successful ISO 27001 certification
General Data Protection Regulation (GDPR)
By complying with GDPR requirements, businesses will avoid paying costly penalties while improving customer data protection and trust.
California Consumer Privacy Act (CCPA)
It grants consumers greater transparency from companies because Personal information cannot be sold without the consent of the consumer.
Health Insurance Portability & Accountability Act (HIPAA)
Ensuring HIPAA Security Safeguards are embedded in your products, services and processes.
DPO – Data Protection Officer
Employing a virtual DPO demonstrates to the Information Commissioner’s Office (ICO) and your business partners your commitment to a data protection framework.
Privacy Management
Organization making the effort to properly train employees, the long-term benefits of having well-trained staff greatly outweigh the short-term financial investment and potential reduction of productivity.