
ISO 27701: The Path to Privacy Program Certification and Implementation

Absent an official GDPR certification, companies have scraped by with a gamut of costly due diligence questionnaires, customer audits, and stringent data protection addenda (DPAs) in an attempt to gain at least minimal comfort that their company, vendors, and business partners are meeting the requirements spelled out by GDPR. These efforts have left a looming question for all affected companies:

When will there be a GDPR certification?

ISO 27701 not only fills the void as a potential GDPR certification, but provides much more by requiring companies to adhere to the ISO 27001 information security standard. ISO 27701 combines security and privacy in one comprehensive certification. In this white paper, we discuss the ISO 27701 framework, implementation methodology, required documents, and relevance to GDPR. Detailed mappings of Clauses 5, 6, 7, and 8 to existing standards are included as appendices.

This Whitepaper Series Includes:

Part 1: Presents a business case outlining why organizations should consider ISO 27701 certification from a business perspective

Part 2: Covers the essential elements of the ISO 27701 framework (this whitepaper)

Part 3: Covers the ISO 27701 certification process from start to finish


Philip Brudney

Philip leads Security, Privacy, and Compliance research and quality assurance at risk3sixty. He oversees privacy and attestation reporting and is the co-quality assurance manager for the assurance practice, where he is responsible for ensuring each engagement meets risk3sixty’s rigorous quality standards in line with AICPA requirements. Phil leads development and peer review of thought leadership, research, and whitepapers. In addition, Phil acts as the Data Protection Officer (DPO) for a wide array of US-based firms facing GDPR compliance.