Privacy Information Management System (PIMS)

The ISO/IEC 27701:2019 standard is an extension of the ISO 27001 information security management system (ISMS) and the ISO 27002 guidelines, and concerns the protection of personal data. It provides guidance to organizations and companies wishing to implement systems to support compliance with the requirements of the General Data Protection Regulation (GDPR) 2016/679. The installation and implementation of a PIMS according to ISO 27701:2019 reduces the risk of leakage of personal data and strengthens the existing ISO 27001 Information Security Management System.

Certification to the above standard is a means for any business/organization to demonstrate to customers, external and internal bodies and stakeholders that it has taken all appropriate technical and organizational measures to support compliance with GDPR and other relevant privacy legislation. ISO 27001 sets out the requirements for an ISMS (information security management system), a risk-based approach that includes people, processes and technology. Independently accredited ISO 27001 certification provides stakeholders with assurance that their data is adequately protected. Organizations that have implemented ISO 27001 will be able to use ISO 27701 to extend their efforts to cover privacy management, including the processing of personal data / PII (personally identifiable information), which can help them demonstrate that they have taken reasonable steps to comply with data protection laws such as GDPR. Organizations without an ISMS can implement ISO 27001 and ISO 27701 together as a single implementation project.

Organizations/companies wishing to obtain ISO 27701 certification in order to comply with the GDPR will either need to already have ISO 27001 certification or implement ISO 27001 and ISO 27701 together as an integrated management system. ISO 27701 is an extension of the requirements and guidance set out in the ISO 27001 standard. The ISO 27001 standard provides a framework for Information Security Management Systems (ISMS) that enables the continued confidentiality, integrity and availability of information as well as compliance with legislation.

The significant overlap of systems and technical requirements between a privacy information management system and an information security system is a compelling case for the adoption of ISO 27001 and ISO 27701.

Advantages of installing and implementing ISO 27701:

1. Documentary evidence of compliance with GDPR requirements

2. Security of personal data

3. Reducing the risk of personal data leakage

4. Statement of commitment to information/data security to customers, suppliers and other stakeholders

5. The certification is recognized internationally

BM CERT enables you to comply and be certified based on the ISO 27701 standard by integrating its procedures into your existing information security management system.

This certification is provided through a partner agency.

For more information about ISO 27701 certification, contact us at 2122133744 for Greece or 22030278 for Cyprus, or via email at [email protected].