ISO/IEC 27701 Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management


ISO/IEC 27701:2019 is an international standard that provides requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.

This standard is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.

Here are some key points about ISO/IEC 27701:

  1. Integration: ISO 27701 integrates the Information Security Management System (ISMS) requirements of ISO 27001, the best-practice controls of ISO 27002, and the requirements of privacy regulations.
  2. Privacy Extension: It is a privacy extension to ISO/IEC 27001 (information security management) and ISO/IEC 27002 (security controls).
  3. Protection of Privacy: It provides guidance and requirements on the protection of privacy, helping both personally identifiable information (PII) processors and PII controllers to put robust data processes and controls in place.
  4. Requirements and Guidelines: ISO/IEC 27701 specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

In summary, ISO/IEC 27701 is a valuable tool for organizations that need to integrate GDPR, CCPA, LGPD, and other privacy regulations with ISO 27001 information security management. It helps organizations manage and protect their information assets, preserving their confidentiality, integrity, and availability, which is crucial for organizations that handle sensitive information.