ISO/IEC 27701 is designed to specify requirements and provide guidance for establishing, implementing, maintaining and continually improving a PIMS in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of your organization. A PIMS framework will help you to operate and maintain processes for your organization whilst providing assurance to your stakeholders.
This one-day course will help you understand the principles of ISO/IEC 27701 and the changes required to extend your ISMS. It will help you understand how the requirements of ISO/IEC 27701 will provide the basis of an effective PIMS and provides guidance for PII controllers and/or PII processors.
The aim of the course is to help you to understand how ISO/IEC 27701 can extend your ISO/IEC 27001 information security management system (ISMS) to include requirements for protecting personally identifiable information (PII) and provide a framework for a privacy information management system (PIMS).
Goals
The course covers the following specific learning objectives:
- Understand the benefits of having an effective PIMS in place
- Understand the content of ISO/IEC 27701, both requirements and guidance and how it will improve your processing of PII
- Determine the effectiveness of an organization’s PIMS
- Understand how the standard maps to the privacy framework and principles in other ISO/IEC standards (e.g. 29100, 27018 and 29151) and the EU General Data Protection Regulation (GDPR)
- Inspire customer and partner trust
- Protect your organization’s reputation
- Inform your organization’s senior management of the requirements of ISO/IEC 27701 to help them decide the next steps to take
