The ISO 27701 software tool
Do you want to make sure your organization is ready for ISO 27701 certification? The ProActive Compliance Tool (PCT) helps you get there. This user-friendly tool lets you work through the requirements of the ISO standard for Privacy Information Management in a structured, clear way, so that you can check your compliance with the standard step by step.
The PCT guides you, and therefore your organization, through the process on the basis of your own company information, organized as a PIMS (Privacy Information Management System). In addition, the PCT gives you insight into the legal and regulatory requirements your organization must meet, so that you keep a grip on your compliance and certifications. Because the PCT takes you through the steps of this process in a uniform way, the audit itself can run smoothly.
What is the ISO 27701 standard for Privacy Information Management?
ISO 27701 is an extension of ISO 27001, the standard for information security. ISO 27001 focuses on setting up an ISMS (Information Security Management System). ISO 27701 provides guidelines and specifies requirements for establishing, implementing, maintaining and continually improving a PIMS: a management system specifically aimed at protecting personal data. Many of the requirements and controls in ISO 27701 correspond to obligations under the European GDPR, and the standard includes a mapping to the GDPR articles. That is why it can also help your organization implement and demonstrate compliance with the GDPR.
Are you already certified for ISO 27001 and would you like to add ISO 27701? Then it is important that the PDCA (Plan Do Check Act) cycle keeps running. All guidelines and procedures for the PIMS must be drawn up and implemented, and then regularly reviewed, so that changes affecting the PIMS are processed, monitored and implemented correctly. In this way your organization keeps the PIMS up to date and continues to meet the certification requirements at the time of the audit.
Privacy Information Management System (PIMS)
ISO 27701 provides concrete guidance for supplementing an ISMS with a PIMS. It adds privacy-specific requirements to the ISO 27001 clauses and to the existing ISO 27002 controls, and it introduces additional controls for organizations that act as PII controllers and PII processors. If your organization is already certified for ISO 27001 or NEN 7510, the additional measures from ISO 27701 are relatively easy to organize.
The ISO 27701 audit
Because ISO 27701 is an extension of ISO 27001, you will already be familiar with a certification process and will have gone through an audit before. Even so, an audit can be stressful, because the work involved in certification usually comes on top of the daily work. That is why it helps to be guided by a tool that makes the process as easy as possible.
The PCT guides your organization so that you can prepare the information needed for the audit online. With the PCT you always know which steps are still needed to meet the requirements for ISO 27701 certification. In this way you demonstrate that your organization and the stakeholders involved have properly organized the protection of privacy in the processing of personal data, and that your organization handles privacy-sensitive information carefully and correctly, particularly information that can be traced back to an individual: so-called Personally Identifiable Information (PII).
Using the information and evidence you have collected in the tool, an independent certification body (CB) assesses whether your organization meets the criteria of ISO 27701. If the audit is positive, certification follows and you receive the official ISO 27701 certificate. It is also possible that the CB reports shortcomings (nonconformities); these must be resolved before the certificate can be issued.
“The PCT is a tool that helps you step by step and prepares your organization for the process towards certification in accordance with ISO 27701.”
Benefits of the ISO 27701 software compliance tool
Shows that your organization handles privacy-sensitive information responsibly and complies with privacy legislation
Provides insight and clarity to roles and responsibilities in your organization
Helps create structure
Creates trust in organizations you do business with by demonstrating how you handle personal information
Helps to facilitate tender or quotation processes
Improves internal competencies and processes in order to prevent data breaches
Makes it easy to check whether all information needed for certification is up to date