Yet Another Standard? What Does This One Cover?
You may just remember GDPR. (By the way, you are compliant, aren’t you?) How do you prove to your customers or any other body that you are compliant? Put simply, ISO 27701 accreditation will prove this. Therefore, we thought it useful to address some ISO 27701 FAQs.
Do I Have To Start All Over Again?
No – this is not a business generation exercise for the likes of us ISO consultants. At the core of ISO 27701 is a management system known as a PIMS, a “Privacy Information Management System”. This manages the “Personally Identifiable Information” (“PII”) you hold. Therefore, if you consider yourself “GDPR compliant”, it is highly likely that you already have the main components of a PIMS. However, you will need a formal structure, and ISO 27701 gives that structure.
Isn’t There an Overlap with ISO 27001?
Yes indeed. It could be said that the PIMS is an advanced form of the ISMS. If you already hold ISO 27001, then the transition to ISO 27701 is not difficult. However, your existing system needs to have been constructed correctly: ideally, it is neither over-complex nor superficial.
What’s Driving This Standard?
As well as the international formalisation of GDPR-type controls, ISO 27701 addresses an increasingly serious risk to businesses. Large-scale, high-profile data breaches are increasingly common. They are generally devastating to a company’s reputation (and balance sheet). IBM have calculated that the average cost of a data breach for a large organisation is $3.6 million. Furthermore, the additional costs of damage to company reputation and customer confidence are hard to quantify.
It Gets Much Worse (Or, “Why You Really Need ISO 27701”)
Where a breach involves personal information relating to your customers, suppliers or staff, your company also becomes liable to individual legal action from the people involved. Furthermore, the costs incurred from such cases, the management time they consume and the general disruption they cause can cripple a business.
How Does the Approval Process Work?
For the purposes of this ISO 27701 FAQ document, we’ve given a much-simplified outline of five basic stages.
1. ISO/IEC 27701 gap analysis: What are the areas your organisation will need to change or update in order to achieve certification?
2. ISO 27701 roadmap: Leading on from our ISO 27701 gap analysis, we create a practical action plan that outlines the steps needed to meet the standard’s requirements. Our level of assistance in this area is entirely up to you. We can simply advise, or manage the whole process.
3. ISO 27701 simulated assessment: We can conduct a “mock” ISO 27701 assessment based on the official certification exercise. This will indicate whether your organisation is ready for the real ISO 27701 assessment by a certification body.
4. ISO 27701 final preparation: If required, we can address any issues raised during your simulated assessment. This will prepare your organisation for its ISO 27701 certification visit.
5. Gain formal certification against ISO 27701.
What's the Next Stage?
Make contact with us for an initial discussion. There’s much more to tell beyond this ISO 27701 FAQ. We can be as involved or detached as you need us to be, based on your company’s requirements.