Trust Strike Graph to help you become
ISO 27701 certified

As one of the first compliance software companies to offer the ISO 27701 framework, we’ll get—and keep—your organization ahead of the competition.

What is ISO 27701?

ISO/IEC 27701 is a privacy add-on to ISO 27001 that will help you manage Personally Identifiable Information (PII) within your organization. It can assist in privacy compliance with laws such as the California Consumer Privacy Act (CCPA) and European Union General Data Protection Regulation (GDPR).

Achieve

Get—and Stay—Ahead of the Curve

Because it’s so new, very few organizations have adopted ISO 27701, meaning certification will help you get—and stay—ahead of the privacy compliance curve.


Target & Support Compliance

Certification won’t only help your organization better align and comply with GDPR, but will also allow you to use the standard to encompass other applicable privacy and data protection regulations like CCPA and more.


Build Trust

Build trust in your company’s ability to manage personal information for employees, customers, suppliers and other interested parties by demonstrating a commitment to information security.


Safeguard Your Reputation

Protect and maintain the integrity of consumers’ and other interested parties’ personal information. Your organization will be able to conduct its activities with the confidence and knowledge that your systems can help manage data privacy risks.


Facilitate Agreements

Certification facilitates agreements with business partners where the processing of PII is mutually relevant. It will make it easier to demonstrate compliance, respond to security questionnaires, and assure organizations and individuals that their data is protected. This extra assurance for potential customers may also enable you to win more bids.


Inspire Stakeholder Trust

Certification will demonstrate that your organization is putting data protection at the heart of your business. Not only is it recognized internationally, but it is also accepted throughout industry supply chains and sets industry benchmarks for sourcing suppliers.

100% of Strike Graph customers have achieved clean attestation reports

Cybersecurity compliance platform of choice for growing digital and technology businesses

The ISO 27701 Framework: What You Need to Know

ISO 27001 is a framework for an organization’s Information Security Management System (ISMS), which establishes a systematic approach to security through policies, procedures, processes, technologies, and systems. ISO 27701 expands the ISMS and creates a privacy information management system (PIMS), which covers the methods an organization has for collecting, processing, storing, and destroying personally identifiable information, or PII.


The Next Step: Becoming ISO 27701 Certified

Since ISO 27701 builds on ISO 27001, you will need to obtain ISO 27001 certification simultaneously with ISO 27701, or have prior ISO 27001 certification with an ANAB/UKAS accredited certification body.

That’s where we come in. Strike Graph can help you build a simple, reliable and effective compliance program so that you can get your ISO 27701 certification quickly and get back to focusing on revenue and sales.


Additional Resources for ISO 27701

Learn everything you need to know about ISO 27701, including all the benefits of certification, the ins and outs of the framework, how it relates to ISO 27001, how your organization can become and stay certified, and more.


ISO 27701: Everything You Need to Know

ISO 27701 is a privacy add-on to ISO 27001

ISO/IEC 27701 will help you manage Personally Identifiable Information (PII) within your organization. This new standard, created for use by anyone responsible for PII in any sort of organization, was designed as the framework for demonstrating GDPR compliance. Prior to ISO 27701, companies could self-assess their adoption of GDPR to claim they were GDPR compliant, but there was no way of knowing for sure. ISO 27701 is an independently assessed certification of a company’s GDPR program. The standard shows you how to design, set up, manage, and continually improve a Privacy Information Management System (PIMS).


The benefits of ISO 27701 certification

ISO 27701 provides personal data protection for companies that hold enterprise customer data internationally, especially in the EU. This certification won’t only ensure you’re GDPR and CCPA compliant, but because it’s so new, very few organizations have adopted it, meaning certification will help you get—and stay—ahead of the privacy compliance curve.


The ISO 27701 framework

ISO/IEC 27701:2019 is one of the many standards published by the International Organization for Standardization (ISO). The organization has developed over 24,090 standards, ranging from environmental to information technology. ISO 27701 is part of the ISO 27000 family of standards, co-owned by ISO and the International Electrotechnical Commission (IEC). Its security techniques are an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management.


How does it relate to ISO 27001?

ISO 27001 is a framework for an organization’s Information Security Management System (ISMS). An ISMS establishes management processes by means of information security controls to address information and data security risks. Its focus on information security risk management and continuous improvement makes it the most widely recognized IT Security certification internationally. ISO 27701 expands the ISMS and creates a privacy information management system (PIMS).


What is an ISMS?

An Information Security Management System (ISMS) is a management framework of policies and procedures to keep sensitive and confidential information secure. An ISMS establishes a systematic approach to security through policies, procedures, processes, technologies, and systems. This approach is designed to manage information risks such as cyberattacks, data leaks, insider threats, hacks, or theft. An ISMS:

  • Enables organizations to secure information in all its forms and increase their resilience to attacks
  • Enables employees and partners to readily understand risks and embrace security controls in their working practices
  • Helps businesses respond to evolving security threats to the integrity, confidentiality, and availability of the data they handle
  • Improves businesses’ cybersecurity cultures through its integrated approach that covers technology, people, and processes


What is a PIMS?

A privacy information management system (PIMS) enables you to meet the highest standards of transparency and responsibility when processing personal information. Privacy information management systems, sometimes referred to as personal information management systems, cover the methods an organization has for collecting, processing, storing, and destroying personally identifiable information, or PII. PII is considered any data that can be used to specifically identify a person; it can include an individual’s name, address, birthday, phone number, email address, IP address, etc. A PIMS:

  • Provides new controller- and processor-specific controls
  • Establishes a point of convergence between what could be two different functions
  • Helps organizations overcome the challenges of privacy and security


Becoming ISO 27701 certified

The ISO 27701 audit requires organizations to declare applicable laws and/or regulations in their criteria for the audit. This is so the standard can be mapped to the many requirements of CCPA, GDPR, or other laws. To obtain certification, you need to implement an effective PIMS that complies with the requirements of the standard. Once mapped, the ISO 27701 operational controls are implemented by privacy professionals and audited by internal or third-party auditors. If this audit results in comprehensive evidence of conformity, certification is granted. The cost of an ISO 27701 certification will depend on various factors, such as the size and complexity of your organization, training, number of employees, sites, technologies to be implemented and updated, external expertise, and the certification audit itself.


Staying ISO 27701 certified

The ISO 27701 certification is maintained through a program of annual surveillance audits and is valid for three years, at which point your organization will have to undergo a recertification audit. In the meantime, your organization will need to conduct periodic risk assessment reviews as risks and threats evolve, as well as perform internal audit management reviews, taking corrective actions on nonconformities.