    Stay ahead of the competition with ISO 27701.

    Strike Graph makes it easy to strengthen privacy protections — and prove you’re GDPR and CCPA compliant — with the ISO 27701 add-on.

    Schedule a demo

    As privacy protections evolve, it’s essential to stay ahead of the curve.


    ISO 27701 support is tough to find.

    Because the ISO 27701 privacy add-on is so new, there aren’t many platforms that offer support.


    Strike Graph has you covered!

    We can help you add ISO 27701 to an existing 27001 certification or facilitate both for you, saving time and money.


    Strike Graph is your guide to cutting-edge privacy protections.

    Stay ahead of the competition.

    Strike Graph can help you get your ISO 27701 privacy add-on now, while your competitors are still wondering what it’s all about. It’s a great way to show your business partners and customers that you’re serious about protecting personal information and prove that you’re GDPR and CCPA compliant.

    ISO 27701-specific templates

    With Strike Graph, there’s no need to waste time figuring out unfamiliar ISO 27701 requirements. Use our extensive library of policy templates and pre-loaded controls — or, customize them to fit your exact needs.


    All your security certifications in one place

    Strike Graph lets you apply controls across multiple frameworks, saving hundreds of hours of time when you need to add a security certification. We support SOC 2, ISO, HIPAA, PCI DSS, GDPR, and CCPA.


    Packed with useful features

    • In-house penetration testing
    • Cross-framework support
    • 55+ policy templates
    • Easy integrations

    Here’s how it works.

    Strike Graph demystifies the ISO 27701 certification process.

    Step 1: Complete an initial risk assessment to identify security gaps.

    Our platform walks you through every aspect of your chosen regulatory framework — such as GDPR or CCPA — so you can address any missing ISO 27001 requirements.

    Step 2: Assign controls to each of your risks.

    Strike Graph comes preloaded with the controls you need based on your risk assessment. Use them as is or customize them for your company’s unique context.

    Step 3: Pass your audit and receive ISO 27701 certification!

    Once our internal audit verifies that you’ve successfully mitigated the risk identified in your assessment, you’re ISO 27701 certified!

    See what our customers have to say


    Say goodbye to compliance stress

    The team at Strike Graph is very hands-on, making my job a lot easier. From SOC 2 to ISO 27001, compliancy can be confusing, but Strike Graph provides the confidence that I have set my team up for success. Read more on G2.com

    — Ben W., partnerships and growth specialist

    Strike Graph has quickly become core to our compliance efforts

    The platform makes managing your controls and evidence so easy, especially if you have multiple compliance frameworks you're working within (i.e. SOC 2, HITRUST, ISO, etc.). Read more on G2.com

    — Executive sponsor, Information technology and services

    Strike Graph is your partner in compliance …

    Strike Graph is your one-stop shop to get your security audits going and completed in half the time. There are file repositories for security audits, automated security questionnaires, evidence repository, and great support from the customer success team. Whether you need evidence of HIPAA, SOC 2, or ISO, you're in the right place. Read more on G2.com

    — Administrator, information technology and services
    Find out why hundreds of companies turn to Strike Graph for information security.

    ISO 27701: Dig into the details.

    ISO 27701 may be an add-on, but it covers a lot. Read on for answers to all your questions.

    What is ISO 27701?

    ISO/IEC 27701:2019 is one of the many standards published by the International Organization for Standardization (ISO). The organization has developed over 24,090 standards, ranging from environmental to information technology. ISO 27701 is part of the ISO 27000 family of standards, co-owned by ISO and the International Electrotechnical Commission (IEC). Its security techniques are an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management.

    The new ISO 27701 standard, created for use by anyone responsible for PII in any sort of organization, was designed as the framework for demonstrating GDPR compliance. Prior to ISO 27701, companies could self-assess their adoption of GDPR to claim they were GDPR compliant, but there was no way of knowing for sure. ISO 27701 is an independently assessed certification of a company’s GDPR program. The standard shows you how to design, set up, manage, and continually improve a privacy information management system (PIMS).

    How does ISO 27701 relate to ISO 27001?

    ISO 27701 is a privacy add-on to ISO 27001. ISO 27001 is a framework for an organization’s information security management system (ISMS). An ISMS establishes management processes, by means of information security controls, to address information and data security risks. Its focus on information security risk management and continuous improvement makes it the most widely recognized IT security certification internationally.

    ISO 27701 expands the ISMS and creates a privacy information management system (PIMS).

    What is an information security management system (ISMS)?

    An information security management system (ISMS) is a management framework of policies and procedures to keep sensitive and confidential information secure. An ISMS establishes a systematic approach to security through policies, procedures, processes, technologies, and systems. This approach is designed to manage information risks such as cyberattacks, data leaks, insider threats, hacks, or theft.

    ISMSs accomplish a number of goals:

    • Enable organizations to secure information in all its forms and increase their resilience to attacks
    • Enable employees and partners to readily understand risks and embrace security controls in their working practices
    • Help businesses respond to evolving security threats to the integrity, confidentiality, and availability of the data they handle
    • Improve businesses’ cybersecurity cultures through an integrated approach that covers technology, people, and processes

    What is a privacy information management system (PIMS)?

    A privacy information management system (PIMS) enables you to meet the highest standards of transparency and responsibility when processing personal information. Privacy information management systems, sometimes referred to as personal information management systems, cover the methods an organization has for collecting, processing, storing, and destroying personally identifiable information (PII). PII is any data that can be used to specifically identify a person; it can include an individual’s name, address, birthday, phone number, email address, IP address, etc.

    PIMSs have a number of benefits:

    • Provide new controller- and processor-specific controls
    • Establish a point of convergence between what could be two different functions
    • Help organizations overcome the challenges of privacy and security

    What are the specific requirements to become ISO 27701 certified?

    Since ISO 27701 builds on ISO 27001, you will need to obtain ISO 27001 certification simultaneously with ISO 27701, or have prior ISO 27001 certification with an ANAB/UKAS accredited certification body.

    The ISO 27701 audit requires organizations to declare the applicable laws and/or regulations in their audit criteria, so that the standard can be mapped to the many requirements of CCPA, GDPR, or other laws. To obtain certification, you need to implement an effective PIMS that complies with the requirements of the standard. Once mapped, the ISO 27701 operational controls are implemented by privacy professionals and audited by internal or third-party auditors. If this audit results in comprehensive evidence of conformity, certification is granted.

    How can my company maintain its ISO 27701 certification?

    The ISO 27701 certification is maintained through a program of annual surveillance audits and is valid for three years, at which point your organization will have to undergo a recertification audit. In the meantime, your organization will need to conduct periodic risk assessment reviews as risks and threats evolve, as well as perform internal audit management reviews, taking corrective actions on nonconformities.

    Additional Resources

    Check out more helpful guides from the Strike Graph team!

    • ISO 27701 Basics (ISO 27701; April 7, 2022)
    • What's the difference between ISO 27001 and 27701? (ISO 27701, ISO 27001; June 21, 2022)
    • Strike Graph now supports ISO 27701 (ISO 27701, Strike Graph news; February 10, 2022)


    Looking for more information?

    We’re happy to walk you through our ISO 27701 process. Just fill out the form below, and one of our experts will get in touch!
    © 2023 Strike Graph, Inc. All Rights Reserved