Proving compliance with GDPR and other privacy regulations has been difficult up until now. The only way available was to undergo a data protection audit carried out by an independent third party, but this approach produces varied results depending upon the depth of the audit process and the subjectivity of auditors.
The International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) have developed a new certification titled ISO 27701 Privacy Information Management Systems (PIMS). This is an extension to ISO/IEC 27001 and ISO/IEC 27002 that provides guidance for businesses to effectively address data privacy measures and ensures that the gap between existing management system requirements and global data privacy legislation is effectively bridged.
ISO 27701 specifies privacy requirements and provides guidance for establishing, implementing, maintaining, and continually improving a privacy information management system. Organisations must first be certified to ISO 27001 Information Security Management before adding the ISO 27701 Privacy Information Management standard.
Already leaders in the provision of ISO 27001 alignment services, BH Consulting now also offer an ISO 27701 alignment service which can vary in scale from helping clients who need to build out a complete data protection framework through to simply assessing the existing mature framework for compliance with the requirements of ISO 27701.
We first assess the extent of the alignment needs by carrying out a Gap Analysis exercise against the requirements of ISO 27701. Following that step we prepare a road map of tasks which can be undertaken by the client or carried out in large part by our consultancy team, depending on the client’s resources and preference.
Our consultants are data protection specialists who are experienced in developing comprehensive data protection frameworks for clients, and they hold the ISO 27701 Lead Auditor and ISO 27701 Lead Implementer qualifications.
These services can be carried out remotely.
Be amongst the first organisations to prove your privacy credentials to your customers, stakeholders and partners
Demonstrate trust and confidence that the personal data you process and store is protected
Enhance your existing Information Security Management System (ISMS) to show compliance with GDPR
Limit reputational and financial damage that may be caused by a data breach