Find out why Strike Graph is the right choice for your organization. What can you expect?
As you may have recently heard, Strike Graph now supports ISO 27701. In this post, we wanted to explain a little bit more about what ISO 27701 is, why it’s important, and how Strike Graph can help your organization achieve certification.
Without further ado, let’s get to it!
ISO 27701 is a privacy add-on to ISO 27001. Whereas ISO 27001 establishes a framework for an organization’s Information Security Management System (ISMS)—helping manage the security of data overall—ISO 27701 helps specifically manage Personally Identifiable Information (PII).
PII is considered any data that can be used to specifically identify a person; this can include an individual’s:
ISO 27701 helps organizations manage PII by showing them how to design, set up, manage, and continually improve a Privacy Information Management System (PIMS).
A PIMS covers the methods an organization has for:
ISO 27701 achieves this by adding controller-specific and processor-specific controls and by establishing a point of convergence between privacy and security, which in many organizations are two separate functions. This helps organizations overcome some common privacy and security challenges.
ISO 27701 is important primarily because it can assist in privacy compliance with laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Both require companies to provide consumers with the right to know about the PII they collect, the right to delete PII, the right to opt-out of the sale of their PII, and more.
Additionally, because it’s so new, very few organizations have adopted it. This means obtaining ISO 27701 certification now will help you get—and stay—ahead of the privacy compliance curve.
Once certified, you’ll also enjoy a plethora of benefits, including:
Because ISO 27701 builds on ISO 27001, you will need either to hold ISO 27001 certification already or to obtain it at the same time as ISO 27701.
The ISO 27701 audit requires an organization to declare the applicable laws and/or regulations in its audit criteria, so that the standard can be mapped to the requirements of the CCPA, the GDPR, or other standards. Your organization will then need to implement an effective PIMS that complies with the requirements of the declared standard.
That’s where we come in. Strike Graph can help you build a simple, reliable, and effective compliance program so that you can get your ISO 27701 certification quickly. We achieve this by:
If certification is granted, it will be subject to annual surveillance audits, and after three years your organization will have to undergo a recertification audit. Throughout this process, your organization will need to conduct periodic risk assessment reviews, perform internal audit management reviews, and take corrective actions on nonconformities; but don’t worry, we can help with that too.
© 2024 Strike Graph, Inc. All Rights Reserved • Privacy Policy • Terms of Service