As previously discussed, ISO/IEC 27701 is a comprehensive international standard that provides specific privacy guidelines for organizations attempting to meet additional standards for handling PII in line with jurisdictions like GDPR. This document aligns ISO-compliant organizations with PII-focused standards by implementing Privacy Information Management Systems (PIMS).

So far, we’ve covered how ISO 27701 refines ISO 27001 and ISO 27002 guidelines to emphasize handling PII and those specific to data controllers. In this final blog post of our series, we will look closely at Section 8 of ISO 27701 and explore specific guidelines for processors handling PII.

Read More

We’ve previously discussed ISO 27701 and how it refines two essential security standards and control libraries (ISO 27001 and ISO 27002). But, the entire purpose of ISO 27701 is to align IT systems with privacy requirements found under GDPR. 

Here, we’ll discuss the third section of this document that defines additional guidelines for organizations acting as data controllers in the EU.

Read More

The International Organization for Standardization wrote ISO 27701 to align the standards of the ISO 27001 series with privacy-based standards like GDPR and CCPA. As such, it addresses the core requirements of that standard and refines them so that organizations don’t have to fumble in the dark about adapting their existing ISO certifications to larger regulatory frameworks.

Previously, we discussed the impact of this document on ISO 27001. In this article, we carry on where we previously left off by discussing refinements to ISO 27002 and adopting specific controls to handle PII.

Read More