Just a few days after the new privacy certification was launched, OneTrust announced that we received the world’s first ISO 27701 certification for a Privacy Information Management System (PIMS), the privacy extension of ISO 27001, from auditor Coalfire.

Read the press release: OneTrust Achieves World’s First ISO 27701 Certification, the Privacy Extension to ISO 27001 

The new ISO 27701 standard establishes additional privacy controls for the processing of personal data and may become the foundation for future GDPR certifications. The ISO 27001 standard recommends that organizations incorporate information security and personal data protection requirements into their general management systems.

In honor of this new standard, we’re announcing a white paper that helps with the establishment and maintenance of a PIMS in accordance with ISO 27701, as well as the planning and implementation of global privacy laws and frameworks.

Download the whitepaper: ISO 27701 – How OneTrust Helps 

The paper provides an overview of how OneTrust helps with ISO 27701 and privacy information management, relating specifically to:  

  • PIMS Decision-Making 
  • Documentation 
  • Privacy Training, Testing and Attestation 
  • Internal Audits 
  • Records of Processing Activities 
  • Risk Assessment and Treatment 
  • Vendor Management 
  • Incident Response 
  • Data Subject Request Management 
  • Consent Management 

Register for our webinar, “ISO 27701 New Privacy Standard: How We Got Certified & How You Can Too!”, on August 28, 11:00 am ET with Microsoft’s Alex Li

Ultimately, implementing the new ISO 27701 standard gives organizations the opportunity to bolster their existing ISMS by extending the requirements of ISO 27001 to the privacy of information and the protection of privacy as potentially affected by the processing of personal data.

Additionally, this extension of ISO 27001 leads to increased collaboration between privacy and security teams as they work together to implement the requirements of ISO 27701 while upholding their own distinct roles and responsibilities.   
