ISO27701 & ISO27001: Information Security Management for the Privacy Protection Era - RINA.org

ISO27701 & ISO27001: Information Security Management for the Privacy Protection Era

27 Oct 2022

Protect your data assets from loss or unauthorized access

RINA ISO 27001 certification

Cyber, cloud and data privacy risks dominate our modern global business landscape. The frequency and severity of attacks and breaches have grown and so too has the need for corporations to proactively develop risk management systems in order to protect their and their customers’ sensitive data while continuously improving their IT defenses. 

What is the International Organization for Standardization (ISO) 27001 Standard for Information Security Management Systems (ISMS)?

The International Organization for Standardization (ISO) 27001 Standard for Information Security Management Systems (ISMS), in its 2013 edition, provides companies seeking to actively manage their IT, data and cyber risks with an internationally recognized certification. This allows companies to demonstrate that they operate an externally and independently validated management system that is recognized by today's supply chains, where customers increasingly ask suppliers for evidence of certification.

The Standard sets out requirements and guidance for protecting data assets from loss or unauthorized access: risk assessment methods, organizational roles and responsibilities, access control and other safeguards, policies and procedures, and monitoring and reporting. Because it shares the common high-level structure used by other ISO management system standards, it integrates easily with Quality (ISO9001), Environmental (ISO14001), Health & Safety (ISO45001), etc.

What is the relationship between ISO 27001:2013 and ISO 27701:2019?

A natural extension to ISO27001 is the Privacy Information Management System (PIMS) Standard, ISO27701, issued in 2019. As different jurisdictions issue their own privacy regulations, companies with a certified PIMS can more readily demonstrate how they meet the expectations of regulators, customers, governmental and institutional bodies, and state and military organizations, including the requirements of the EU's GDPR. Note that ISO27701 certification is not in itself a GDPR certification; it provides documented, audited evidence that supports the accountability obligations such regulations impose. It is also important to note that a PIMS certified to ISO27701 must be built on a certified ISO27001 ISMS; however, the shared structure of the two Standards helps to remove duplication and redundancy in the related processes and procedures.

How is ISO 27701 implemented?

Companies seeking certification to either the ISO27001 or ISO27701 Standards must first build their management systems in line with the prescribed structures. Once complete, the systems are subjected to an independent conformity assessment by an accredited Certification Body, like RINA. This audit identifies any non-conformances and/or opportunities for improvement, which, once resolved, lead to formal certification. Certification operates on a three-year cycle: the initial certification audit, followed by annual surveillance audits, and a recertification audit before the certificate expires.

How can RINA help you protect data assets from loss or unauthorized access?

We can help your ISMS or PIMS certification journey

Your company will gain the benefit of a proven, globally recognized Standard for management of these quickly evolving risks to business.

Our global team of auditing and compliance experts is here to help. Contact us.


Certification Team