Structure of the ISO 27701 Standard

The standard is made up of 8 sections and 6 annexes.

The standard establishes the new requirements and implementation guides to the regulatory body of the ISO 27001 and ISO 27002 standards, for the implementation of the Information Privacy Management System.

In addition, it includes a mapping between ISO 27701 and the ISO 29100, ISO 27018 and ISO 29151 standards; as well as a relationship between the requirements of the GDPR and the standard.

Highlights of ISO 27701

• This standard requires the performance of a specific risk analysis for information privacy, which can be an integral part of the organization’s information security risk analysis.
• The organization must make a statement of applicability that includes the new information privacy controls.
• Cryptography begins to have greater weight in data processing processes.
• The controls related to the registration and review of events increase their number of requirements and demands.
• A specific policy is necessary for backups that details, among others: frequency of completion, retention periods, restoration procedures and a record of restoration requests made in relation to the protected data.
• The secure development policy, with greater control throughout the software life cycle.
• New incident response procedures specific to data privacy incidents are necessary.

Contact us for more information about ISO 27701