News

A New ISO Standard for GDPR Compliance – ISO/IEC 27701

December 9, 2019

 

 applied risk mgt

Andy Mills (founder of Applied Risk Management Ltd) is part of the Innovation Martlesham (IM) ecosystem. His Company offers ISO standards consultancy services and as part of the IM ecosystem has been able to help many local companies achieve ISO certifications.

 

Keeping business well informed of changes or new opportunities is very important to Andy and is happy to advise that anyone with an existing ISO/IEC 27001 information security management system may be interested to know that the International Standards Organisation (ISO) has just published a new standard called ISO/IEC 27701:2019

 

In anticipation of the changing regulatory landscape and the need for a common set of concepts to tackle personal data protection, ISO and the IEC have developed this standard as a privacy extension to ISO/IEC 27001. This standard defines requirements for an Information Security Management System (ISMS).


Also a part of the ISO/IEC 27000 series, the new ISO/IEC 27701 standard deals with how to establish and run a Personal Information Management System (PIMS) that adds Personally Identifiable Information (PII) security to an existing ISO/IEC 27001 information security management system.

 

This is available to be purchased in hard-copy format from Applied Risk Management Ltd. If anyone is interested, please contact Andy Mills for a quote. The normal price is £199 but Andy can offer a discount on this price to local businesses.

 

Andy can also offer a discount on any other BS or ISO standard document when purchased as a hard-copy via Applied Risk Management Ltd.

 

If you don’t currently have an ISO/IEC 27001 management system, instead you could use BS 10012 for defining a Personal Information Management System (PIMS) for GDPR compliance because it doesn’t depend on ISO/IEC 27001.

 

Please contact Andy Mills directly if you have any questions about this new standard or need help with ISO management systems, standards or GDPR in general.

 



< Back