ICMC (International Certification Management Center Co., Ltd.)

ISO 27701 (Privacy Information Management System)


Overview

ISO 27701 is the first international standard for a privacy information management system. It is an extension of ISO 27001 and specifies the requirements, specific objectives, and management measures for establishing, operating, and improving a Privacy Information Management System (PIMS).
ISO 27701 is an important step toward protecting personal information. It supports compliance with existing regulations by giving organizations practical guidance on how to handle data and privacy. Following these guidelines helps an organization comply with applicable regulations such as the GDPR (the EU General Data Protection Regulation) while protecting PII (personally identifiable information).




ISO 27701 Background

Recently, demand has grown for guidance on how organizations should manage and process data in order to reduce threats to personal information in dynamic environments. Against this background, ISO 27701 was developed as an international standard that sets out how organizations manage personal information and helps them comply with the many privacy regulations being introduced and updated around the world.




Composition of ISO 27701

Because ISO 27701 is based on ISO 27001 and ISO 27002, their requirements and guidelines are extended to cover, in addition to information security, the privacy aspects of security topics that may be affected by PII processing. In other words, wherever ISO 27001 or ISO 27002 uses the term "information security", ISO 27701 applies the term "information security and privacy" instead. The specification also describes the relationship to each base standard, the terminology used, how to apply it, and the mapping between clauses.
ISO 27701 was developed with global commerce across EU member states and beyond European borders in mind. It therefore includes the privacy management system requirements that organizations acting as PII controllers and as PII processors must meet, and Annex D provides a mapping between ISO 27701 and the GDPR.




Composition of ISO 27701 requirements

Clause 4  General
    4.1  Structure of this document
    4.2  Application of ISO 27001 requirements
    4.3  Application of ISO 27002 guidelines
    4.4  Customer

Clause 5  PIMS-specific requirements related to ISO 27001
    5.1  General
    5.2  Context of the organization
    5.3  Leadership
    5.4  Planning
    5.5  Support
    5.6  Operation
    5.7  Performance evaluation
    5.8  Improvement

Clause 6  PIMS-specific guidance related to ISO 27002
    6.1  General
    6.2  Information security policies
    6.3  Organization of information security
    6.4  Human resource security
    6.5  Asset management
    6.6  Access control
    6.7  Cryptography
    6.8  Physical and environmental security
    6.9  Operations security
    6.10 Communications security
    6.11 Systems acquisition, development and maintenance
    6.12 Supplier relationships
    6.13 Information security incident management
    6.14 Information security aspects of business continuity management
    6.15 Compliance

Clause 7  Additional ISO 27002 guidance for PII controllers
    7.1  General
    7.2  Conditions for collection and processing
    7.3  Obligations to PII principals
    7.4  Privacy by design and privacy by default
    7.5  PII sharing, transfer, and disclosure

Clause 8  Additional ISO 27002 guidance for PII processors
    8.1  General
    8.2  Conditions for collection and processing
    8.3  Obligations to PII principals
    8.4  Privacy by design and privacy by default
    8.5  PII sharing, transfer, and disclosure

Annexes
    Annex A (normative)    PIMS-specific reference control objectives and controls (PII controllers)
    Annex B (normative)    PIMS-specific reference control objectives and controls (PII processors)
    Annex C (informative)  Mapping to ISO 29100
    Annex D (informative)  Mapping to the General Data Protection Regulation
    Annex E (informative)  Mapping to ISO 27018 and ISO 29151
    Annex F (informative)  How to apply ISO 27701 to ISO 27001 and ISO/IEC 27002



Effectiveness of introducing ISO 27701

1. Personal information protection and trust building
All stakeholders, including clients, employees, and regulators, expect organizations to do more to protect information and personal data. ISO 27701 certification is an independent, impartial attestation that demonstrates your commitment to privacy and to best practice. Certification therefore builds trust and can secure a competitive advantage.

2. Support for compliance with laws and regulations
ISO 27701 certification on its own does not confirm that an organization complies with the GDPR (the EU General Data Protection Regulation). It does, however, give businesses a logical and effective framework for supporting their efforts to comply with the various privacy laws and regulations.

3. Building a more systematic, integrated management system
To obtain ISO 27701 certification, an organization must implement both standards: it must either already hold ISO 27001 certification or have both standards assessed together in an integrated audit. An integrated system that conforms to both ISO 27001 and ISO 27701 demonstrates a systematic information security management system that adequately addresses changing requirements and expectations around privacy management.


ICMC (International Certification Management Center)
Global/Domestic RA Consulting & GMP(ISO) Internal Auditor Training

For more than 25 years, ICMC has worked to become a customer-satisfying company by securing experienced, high-quality RA consultants and audit instructors as a specialized institution for global/domestic RA consulting and GMP (ISO) internal auditor training. ICMC provides consulting services that enable organizations to introduce internationally recognized management systems through skilled professionals, together with training services for responding to domestic GMP and international ISO audits, strengthening practical competencies, and acquiring internal audit skills. By implementing a global system in this way, the safety, reliability, and quality of products can be improved and international competitiveness secured. ICMC offers customized consulting for establishing a global system in the shortest time and at minimum cost, as well as education on the overall concepts and operating methods of domestic GMP and global ISO, and aims to be an essential partner for entering the global market.