ISO27701 is an international standard for privacy information management. It is an extension of ISO 27001 (Information Security Management) and ISO 27002 (Security Controls) that adds privacy-specific requirements and controls. The standard gives organizations a framework for managing personal information and assists in achieving compliance with data privacy laws in multiple jurisdictions. Adhering to it is considered industry best practice for data privacy. Its detailed framework can be used as a checklist for complying with international data privacy regulations such as the EU GDPR. The standard helps organizations maintain an effective privacy and information security program that addresses data privacy, security and risk management. Holding an ISO27701 certification demonstrates an organization's commitment to data privacy and security in a way that is aligned with the compliance requirements of various privacy laws.
Conduct an initial study of the business to understand your processes involving personal data and the environment they run in, and accordingly consolidate the scope.
Understand your business operations, controls, and systems to define the scope (People, Process, and Technology) as applicable.
Assess your organization vis-à-vis the ISO27701 standard to identify areas that need to be addressed.
Conduct a brief Awareness Training program on ISO27701 for your organization.
Identify your critical information assets, including the personal data you process, and classify them to build a dedicated asset inventory.
Conduct a comprehensive Risk Assessment to identify weaknesses and gaps that could impact the business-critical assets of your organization.
Our experts rank the risks identified and accordingly help you strategize appropriate Risk Treatment measures.
We help you document policies and procedures, with input and validation from your team.
Our process and technology team works in collaboration with your team on the rollout of the ISMS, its ISO27701 privacy extension (the PIMS), and the related policies.
User Training program for all personnel in scope on their specific ISMS and privacy responsibilities. Training content is provided by us.
After a reasonable gestation period, a separate team of experts conducts a Pre-assessment of your setup and measures implemented.
Our team will provide you complete support and assistance in helping you achieve certification from external auditors (of your choice) for ISO27701.
If required we can extend our continual support by offering you Managed Compliance Services to help your organization stay certified.
Any organization that handles personal data and is required to comply with data privacy laws should consider an ISO27701 Certification.
An ISO27701 Audit cost for an average-sized company starts at $7500. Pricing for an ISO27701 Audit usually depends on several factors, including the Scope of Audit, Business Applications, Technology Platforms, Number of Locations, and other additional services.
On average it takes 8-12 weeks to complete an ISO27701 Audit. However, the timeline also greatly depends on the time taken for implementing the remediation suggested in the gap analysis.
You will receive ISO27701 Audit reports documenting the effectiveness of the organization's system and controls. The report details how personal data and client information is maintained securely, with all necessary security and privacy controls in place.
An ISO27701 certification, like the ISO27001 certification it extends, is valid for 3 years, but annual surveillance audits are required to keep it valid.