ISO/IEC 27701
Privacy Information Management System
ISO/IEC 27701 Privacy Information Management System (PIMS) serves as a privacy extension to the internationally recognised management standard ISO/IEC 27001 Information Security Management Systems, which has already been widely adopted globally by organisations of all types and sizes to meet regulatory requirements and manage privacy risks related to Personally Identifiable Information (PII).
ISO/IEC 27701 is designed for organisations worldwide that collect and process personally identifiable information (PII), and it supports organisations in complying with key privacy laws such as the European Union General Data Protection Regulation (EU GDPR) and local privacy laws and regulations such as the Personal Data Protection Act (PDPA) in Singapore.
Why ISO/IEC 27701?
Organisations that plan to obtain the DPTM (Data Protection Trustmark) certification are encouraged to go for ISO 27701 certification, as it helps the organisation appropriately address its information security and privacy risks and could potentially reduce the time spent on preparing for the DPTM assessment. Organisations that were well prepared for the DPTM will have already completed a substantial amount of the work required for ISO 27701.
Benefits to your organisation
- Establish a structured environment for PII controllers and processors to manage the responsibility and accountability related to both internal and external PII.
- Allow the company to reduce costs and maximise value related to risk management, reputation, corporate governance, competitive advantage, compliance, etc.
- Enhance stakeholder management by developing confidence and assurance.
- Comply with key privacy laws such as the European Union General Data Protection Regulation (EU GDPR) and local privacy laws and regulations such as the Personal Data Protection Act (PDPA) in Singapore.
- Companies that are certified with ISO/IEC 27001 Information Security Management System will be ready to go for ISO/IEC 27701.
Benefits to your customers
- Generate more trust with your customers or potential prospects through global recognition that your organisation complies with privacy laws.
- Help customers who have concerns over privacy issues make a faster decision and get buy-in by reducing the level of uncertainty and the need for further inquiry.
- Add value to the business relationship by enhancing the level of reassurance related to privacy risks.