ISO 27701 Consulting
ISO 27701 Consulting Services from SHCO will help you become compliant and certified more quickly. Compliance with external standards such as ISO 27701 is a top priority for many organisations that need an internationally recognised Privacy Information Management System (PIMS).
ISO 27701 is a framework for data privacy that builds on ISO 27001. This privacy best practice helps to guide organisations on policies and procedures that must be in place to comply with GDPR and other data protection/privacy regulations and laws. It will help you to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented Privacy Information Management System.
For organisations that need to demonstrate to customers that they have a well-organised, robust Privacy Information Management System, it can provide a significant competitive advantage in the marketplace and the peace of mind that your organisation is legally compliant.
ISO 27701 Compliance
Becoming compliant with the ISO 27701 standard shows customers, auditors and other stakeholders that your organisation is serious about managing compliance with data protection and privacy laws and regulations. Whether you are using the standard as a guideline or working towards certification, our consultants can provide expert assistance in a number of ways:
Gap Analysis
An ISO 27701 gap analysis from SHCO will compare and document the privacy controls in your current Information Security Management System (ISMS) with the requirements of the standard. We will carry out a detailed assessment of how you comply with the clauses of the standard by looking at all the relevant areas of your organisation and infrastructure.
It will also identify where there are adequate privacy controls in place and where there are areas for improvement by reviewing what you have in place against the Annex A Control list from the ISO 27001 standard.
Developing Policies and Procedures
Before implementing ISO 27701, it is common for organisations to have inadequate documentation and, in some cases, no written privacy policies or processes at all. Where policy gaps are identified, we can help you speed up the process of creating policy documents. We can provide both template and bespoke documentation. Our aim is to help you produce policy documents that are practical and brief enough to be usable but robust enough to provide effective privacy management.
Risk Assessment
One of the most difficult and time-consuming elements of implementing ISO standards can be carrying out privacy risk assessments. All ISO management standards are risk-based frameworks, but data protection law also prescribes specific assessments that should be carried out, such as Data Protection Impact Assessments (DPIAs). Choosing the correct risk assessment methodology for your organisation is an essential step toward effectively managing your data protection risks.
Internal Audit
Before you can qualify for an ISO 27701 certificate, you will need to implement an internal audit program. You will also need to have carried out at least some of the audits from your schedule and completed the follow-up actions. Our consultants can help you get up to speed quickly by walking you through the audit process. Our internal audit service is also aimed at organisations that already have an internal audit program in place but need assistance with the audit workload, or that feel they would benefit from a fresh pair of eyes from time to time.
ISO 27701 Certification Preparation
We can provide expert assistance to guide you through the certification process to ensure you are fully prepared for the final certification audits with your UKAS-accredited certification body. We can also attend the certification audits themselves if you want the additional support. This will help to ensure that the effectiveness of your PIMS is communicated to your external auditor in terms that will be familiar to them.
Management review
Periodic management reviews are a cornerstone of ISO-based management systems, and you will need to have held at least one management review to gain certification. An experienced SHCO consultant will guide you through the process and ensure effective review of internal and external audit results, security incident records and your updated risk assessments, helping you ensure continual improvement of your Privacy Information Management System.