ISO 27701:2019 - ISO Standard for Managing Information Security and Data Privacy of Personal Information

ISO 27701:2019 provides the approach and structure to an organization for building its PIMS (Personal Information Management System).

Like ISO 9001 pertains to QMS (Quality Management System) and ISO 27001 pertains to ISMS (Information Security Management System), ISO 27701 pertains to PIMS.

The primary aim of PIMS is to provide a comprehensive system which can take care of the management of information security and data privacy of personal information (either identified or identifiable) in a systematic and structured manner.

ISO 27701 is considered to be an extension of ISO 27001.

When it comes to personal information, ISO 27001 is supposed to take care of security aspects whereas ISO 27701 is supposed to extend that further to additionally take care of privacy aspects.

An organization needs to first implement ISO 27001 which lays down the foundation for implementing ISO 27701.

From certification point of view too ISO 27701 certification is possible only on top of ISO 27001 certification.


No comments:

Post a Comment