Recently, in response to high demand at the European level, ISO has developed a standard covering the GDPR. This extension is described in ISO 27701 and is based on a management system approach. ISO 27001 and ISO 27701 together can therefore be seen as one management system for information security and privacy, which also makes certification of this combined management system possible.
On the one hand, ISO 27701 provides additional requirements for the management system described in ISO 27001; on the other, it provides guidelines that should be seen as a supplement to ISO 27002. This standard is therefore particularly suitable for organizations that have already brought their information security in order according to ISO 27001.
We would like to carry out the audits required to obtain an ISO 27701 certificate for you. Because every organization is unique, we would be happy to discuss your starting position with you and identify any steps that still need to be taken to be ready for certification. We then draw up a tailor-made certification proposal for you. The cost of ISO 27701 certification depends on various factors, such as the size and complexity of your organization.
What is the difference between ISO 27001 and ISO 27701?
ISO 27701 specifies requirements and provides guidelines for establishing, implementing, maintaining and continually improving a privacy information management system, in the form of an extension to ISO 27001 and ISO 27002 for privacy management within the context of the organization. Without ISO 27001 certification, there can be no ISO 27701 certification.
What is the difference between ISO 27701 and ISO 27018?
ISO 27018 establishes generally accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information (PII) in accordance with the privacy principles of ISO 29100 for the public cloud computing environment. In particular, this document specifies guidelines based on ISO 27002, taking into account the legal requirements for the protection of PII that may apply within the context of the information security risk environment(s) of a public cloud service offering. This document applies to organizations that provide information processing services as PII processors via cloud computing on behalf of other organizations.
What is the difference between ISO 27701 and GDPR?
ISO 27701 provides guidelines for establishing, implementing, maintaining and continually improving a Privacy Information Management System. The AVG (GDPR) is the legislation on which the standard is based, and elements of the law are reflected in the standard. The law therefore shapes the standard; the reverse is not the case.
In addition, the standard states that national (subject-specific) legislation must be complied with. As a result, in the healthcare sector, for example, you also have to comply with the requirements of the WGBO, the Public Health Act, the Wabpvz, etc., which contain requirements that the AVG only outlines.