In August 2019, ISO introduced a new standard: ISO 27701. It is an extension of the existing ISO 27001 standard. Is your organization ISO 27001 certified? Then read on and discover what the new standard means for you.
What is the ISO 27701?
ISO 27701 will not look unfamiliar, because it is an extension of ISO 27001, the standard for information security: specifically, a privacy extension. The new standard is not so different from its sibling, but the major advantage of ISO 27701 is that it includes best practices for protecting personal data, which contributes to GDPR compliance. This way, you can kill two birds with one stone.
Take, for example, the measure “Encryption”. This measure focuses on special categories of personal data and provides specific guidance for assessing security incidents involving personal data.
Note: The 27701 standard is a non-mandatory extension of the 27000 standard, so you can also continue with your old way of working, without taking privacy protection into account.
What is actually the purpose of the ISO 27701?
ISO 27701 is meant to fill the gap between ISO 27001 and the GDPR through best-practice additions to the measures and clarification of the requirements. So you can also regard ISO 27701 as an unofficial GDPR certification, and that is probably how your customers will see it.
What will you notice yourself?
Because the new standard overlaps so much with ISO 27001 and the GDPR, the introduction of ISO 27701 means that many companies will not need to make significant changes. Unless… these topics were not really on the agenda yet. In addition, we expect that many organizations will use ISO 27701 as a GDPR-compliance stamp.
How can CompLions help you?
CompLions specializes in developing software that supports organizations in implementing laws, regulations and imposed standards.
GRCcontrol, our risk & compliance software package, provides you with easy insight into the quality level and risks of your organization. In addition, GRCcontrol offers you hundreds of best-practice recommendations that help you improve your organization. We also have these available for your organization for the ISO 27701 standard!
Did this spark your interest? Watch the video below and discover in one minute how GRCcontrol can help your organization return the focus to what matters: your customers.