ISO/IEC 27701 is a standard for protecting personal data within an Information Security Management System (ISMS) based on ISO/IEC 27001. It is tied specifically to personal data management practices and provides a framework for privacy protection. The standard aims to help organizations that manage information protect personal data in accordance with the requirements of the General Data Protection Regulation (GDPR) and other relevant legislation. It provides a framework for implementing control measures and ensuring compliance on personal data protection within the ISMS.

At the beginning of 2016, the European Parliament approved the General Data Protection Regulation (GDPR). This law established a new framework of regulations that companies handling personal data must comply with, and it has been in effect since May 2018.

The requirements of the ISO/IEC 27701 extension serve as a valuable guide for the organization’s compliance with the GDPR. They also strengthen the organization’s trust relationships with customers, partners, and employees.

A prerequisite for implementing this standard is certification or simultaneous certification according to the ISO/IEC 27001 standard.
