ISO/IEC 27701 Privacy Information Management System > Newsletter | GPC-ISO, Auditor Certification

ISO/IEC 27701 Privacy Information Management System

Name: GPC인증원
Date: 21-11-01 13:28

ISO/IEC 27701

ISO/IEC 27701 is an international standard that stipulates the requirements for a privacy information management system. It was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in August 2019. ISO/IEC 27701 is an extension of ISO/IEC 27001 and ISO/IEC 27002 for privacy information, and aims to establish, implement, maintain, manage, and continually improve a privacy information management system.

Key features of ISO/IEC 27701 Certification

  • ISO/IEC 27701 is an extension of ISO/IEC 27001, and companies seeking ISO/IEC 27701 certification must hold ISO/IEC 27001 certification.
  • Companies that have maintained ISO/IEC 27001 certification must meet the requirements of ISO/IEC 27701 when processing privacy information.
  • It provides the requirements and guidelines that organizations must have in place for privacy information protection.
  • It provides a definition of, and guidelines for, the processes by which the organization protects PII.
  • ISO/IEC 27701 was established with GDPR in mind to enable global commerce and business, and includes a mapping between each clause.

International standards related to information protection

  • ISO/IEC 27001: Information security management systems
  • ISO/IEC 27002: Guidelines for establishment, implementation, maintenance, management, and continuous improvement of an information security management system based on ISO/IEC 27001

Terms

  • PII (Personally Identifiable Information)
    : Any information that can be used to identify the person to whom the information relates
  • GDPR (General Data Protection Regulation)
    : The integrated privacy regulation made by the European Parliament to strengthen the privacy of European citizens
