ISO/IEC 27701:2019 Privacy Information Management System (PIMS)

Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines

The quantity and types of processed PII (Personally Identifiable Information) are increasing, as is the number of situations in which an organization needs to cooperate with other organizations on the processing of PII. Protecting privacy in the context of PII processing is a societal need as well as the subject of dedicated legislation and/or regulation all over the world.
A Privacy Information Management System (PIMS) extends an Information Security Management System (ISMS) to address the protection of privacy as it may be affected by the processing of PII.

The ISO/IEC 27701 Standard specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a PIMS, in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. In practice, a PIMS is an ISMS whose scope also covers the privacy of the PII being processed; an organization cannot be certified to ISO/IEC 27701 on its own, since the standard builds on an ISO/IEC 27001 ISMS.
The ISO/IEC 27701 Standard can be used by PII controllers (including joint PII controllers) and by PII processors (including those that subcontract PII processing and those that process PII as subcontractors to other PII processors).
The ISO/IEC 27701 Standard provides guidance for PII controllers and PII processors that hold responsibility and accountability for PII processing. It is applicable to organizations of all types and sizes, including public and private companies, government entities and not-for-profit organizations, that act as PII controllers and/or PII processors and process PII within an ISMS.

ISO/IEC 27701 certification has several benefits, including:
• Building trust and providing assurance to data subjects
• Demonstrating compliance with the applicable legal framework
• Promoting continuous improvement of the business
• Ensuring flexibility and scalability for the business
• Reducing privacy risk
• Facilitating agreements with business partners where the processing of PII is mutually relevant.

ISO/IEC 27701 contains an Annex (Annex D) mapping its requirements and controls to the articles of the GDPR; however, ISO/IEC 27701 certification is not a GDPR certification under Article 42 of the GDPR.

Would you like to discuss your needs so that we can propose the right solutions?

Lilly Mylona
Sales Director
BSc in Computer Science, University of Crete, and MSc in International Marketing, University of London. She is experienced in auditing Management Systems and has been working for more than a decade in an international group of companies, specializing in Sales, Marketing and Corporate Communication.

Contact

Mrs. Lily Mylona,

Sales Director, PRIORITY

[email protected]

T. 210 2509900