Privacy Information Management System (PIMS)

With technological advances and online services expanding exponentially in recent years, our lives are increasingly moving online. Our individual and organizational information now lives online and in databases. Breaches and hacks have been an impetus for the demand for accountability and better security of our data. Globally, countries and states are passing legislation such as the EU’s GDPR and California’s CCPA, with which organizations must comply. Using international standards like ISO 27001 and ISO 27701, organizations can not only comply with regulations, but also have the right competence, processes, and systems in place to more broadly address and mitigate risk and ensure privacy security.

About ISO/IEC 27701:2019

The data privacy extension to ISO 27001 is ISO 27701. It was created to meet the privacy and information security requirements set forth in GDPR, as well as other data protection regulations.

ISO/IEC 27701:2019 outlines the requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS). As an extension, it is used as an add-on to an ISO/IEC 27001 and/or ISO/IEC 27002 management system, providing additional requirements and guidelines for privacy and security on top of an existing ISO management system approach.

ISO 27701 specifies PIMS-related requirements and provides guidance for Personally Identifiable Information (PII) controllers and processors that have the responsibility and are held accountable for PII processing. It is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.

The Adoption of ISO/IEC 27701:2019

A certified ISO 27701 PIMS will enable your organization to:

  • Protect vital information assets of customers, employees, and the business
  • Have defined processes and responsibilities to avoid breaches
  • Address critical privacy and security issues efficiently and effectively
  • Enhance privacy compliance and reduce the risk of regulation infractions
  • Demonstrate to all stakeholders that effective systems are in place to support compliance with GDPR, CCPA and other related privacy legislation

Rapid adoption of ISO 27701 has been predicted as demand for privacy regulation increases worldwide. Certification of an organization to ISO/IEC 27701 is one means of providing assurance that the organization has not only implemented a system for the management of privacy security in line with the international standard, but also maintains and continually improves that system.

SRI was the first, and at the time of accreditation the only, U.S.-based registrar to be approved by ANAB to ISO 27001, the information security management system standard. We have continued to be a leader in information technology and security since. As a committed link in the supply chain, SRI’s own IT systems meet ISO 27001 and GDPR requirements. Call today at 724-934-9000 to discuss assessment options for ISO 27701, or complete the Request a Proposal form.