ISO/IEC 27701

In recent years, data protection has become increasingly vital for companies worldwide, driven by the introduction of privacy laws like the General Data Protection Regulation (GDPR). One challenge faced by many organizations is how to effectively adhere to and comply with the requirements set out by these laws, which govern the safeguarding and processing of Personally Identifiable Information (PII).

ISO/IEC 27701 is a Privacy Information Management System (PIMS) standard, especially designed to help organizations in meeting these requirements. As a privacy extension to the ISO/IEC 27001 Information Security Management System (ISMS) standard, ISO/IEC 27701 specifically emphasizes personal data protection, complementing the broader scope of ISO/IEC 27001 in secure IT governance.

Extend your company's IT security by implementing an effective personal data protection system certified to ISO/IEC 27701. Rely on our experienced information security experts for comprehensive support throughout your ISO/IEC 27701 certification process.

ISO/IEC 27701 is relevant and beneficial for a wide range of organizations, encompassing the public and private sectors, government institutions, and non-profit entities alike. It offers organizations a comprehensive framework for managing and safeguarding customer and employee personal information within an Information Security Management System (ISMS). Furthermore, ISO/IEC 27701 provides organizations with a standardized way to achieve compliance with data governance regulations around the world including the EU's GDPR and California's Consumer Privacy Act.

Unlock the benefits – an ISO/IEC 27701 certification helps you to:

• Comply with data protection regulations
• Increase trust among customers and business partners
• Provide transparency between stakeholders
• Clarify data protection roles and responsibilities
• Reduce the risk of data breaches through improved standards
• Integrates with the ISO/IEC 27001 information security standard

Discover valuable insights: Explore our extensive certificate database, Certipedia, for a transparent and independent overview of the systems, products and people we have tested. Take a look!

With our long-term experience in information security certification, we accompany you on the way to your ISO/IEC 27701 certification. From understanding your current state of readiness to auditing your ISMS and PIMS, we apply our expertise to ensure successful outcomes for your ISO/IEC 27701 certification.

In the field of data protection compliance, we provide support with various measures, including:

• Appointment of a person responsible for the Privacy Information Management System (PIMS)
• Data protection training for employees
• Logging of database access and changes
• Encryption of special categories of personal data (e.g. health data)
• Increased adoption of the Privacy by Design principle
• Review of security incidents for data protection violations

Would you like to learn more about certifying your data protection information management system according to ISO/IEC 27701? Our experts look forward to hearing from you!

Disclaimer: At TÜV Rheinland, the neutrality, objectivity, independency and impartiality of our activities are of utmost importance. Our assessment and audit activities follow these values in compliance with the applicable accreditation requirements. All the necessary structural, organizational and processual measures are in place in all levels of the organization in order to avoid conflicts of interest (e.g. rigorous separation of consultancy and certification) and to ensure impartiality. We do not offer or provide management system consultancy by an accredited certification body for management systems. Within the TR Group, we ensure a minimum 2-year interval between management system consultancy and certification activity for the same costumer.