ISO 27701 - 2019
Overview
  • ISO 27701 - 2019 is the certification standard for a privacy information management system (PIMS).
  • By getting certified you can demonstrate that your privacy compliance processes follow international best practices.
  • At Coral, we have successfully implemented ISO 27701 - 2019 PIMS for our clients, using a 7-phase methodology.
  • ISO 27701 has nearly 264 individual requirements, and not all of them apply if you are only a controller or only a processor. If you are both, all of them would perhaps apply; the best option is to conduct a gap analysis first to determine which ones apply.
  • Contact us so we can get the conversation started.

What is the difference between ISO 27701 – 2019 and ISO 27001 – 2013?
  • ISO 27701 can be summarized as a standard that applies General Data Protection Regulation (GDPR) requirements to controllers and processors, with ISO 27001 - 2013 serving as the underlying security controls library.
  • ISO 27701 - 2019 section 5 is aligned with the ISO 27001 – 2013 management system requirements (Sections 4 to 10).
  • ISO 27701 - 2019 section 6 is aligned with the ISO 27001 – 2013 Annex A controls (114 controls).
  • If you are currently ISO 27001 – 2013 certified and wish to get ISO 27701 – 2019 certified, contact us and we can explain, in easy steps, how we advise on successful implementation and certification to ISO 27701 - 2019.
Our ISO 27701 - 2019 Consulting Methodology has the following broad phases
We bring our world-class experience in delivering ISO 27701 - 2019 PIMS implementations leading to successful certification.

PHASE I – Information Flow Assessment

This phase involves identifying the sources of information and the processing infrastructure around them: personnel, technology and physical infrastructure.

PHASE II – Gap Analysis

This phase involves performing a privacy impact assessment and a security risk assessment to determine security and legal loopholes. Each identified gap comes with detailed recommendations.

PHASE III – Control Design and Documentation

In this phase our methodology distributes security responsibility to internal stakeholders, with control policies and transactions that ensure the PIMS is well embedded in the organisation's processes. This also includes nominating a data protection officer and creating a data protection office for the organisation. In a typical engagement the organisation receives 25+ policies and procedures.

PHASE IV – Tracking

This phase involves tracking the client's risks and documentation on a weekly basis until all internal controls are adequately implemented.

PHASE V – Performance Tracking

This phase shows the client the changes made over a given period by providing a change-specific compliance score between 0 and 100%.

PHASE VI – Internal Audit

This phase involves verifying that the governance system created for the organisation is well in place and ready to be declared PIMS compliant.

At this stage the client has implemented the governance system in full.
Call or write to us at:
for a proposal / roadmap / information