As the overlap of privacy and security regulations increases, so does the need for these teams to collaborate, communicate, and use common tools. Technology is needed for the maintenance and continual improvement of a privacy information management system (PIMS) in accordance with ISO 27701 as well as the planning and implementation of global privacy laws and frameworks.
Tools to Streamline Your ISO 27701 Audit Process
Develop Your PIMS
With OneTrust Privacy Management, your organization can streamline PIMS development to meet the many ISO 27701 obligations.
Leverage the planning templates in OneTrust to assist with PIMS decision-making, evaluate your organization, define risk criteria, and more.
After completing an audit, easily generate an audit report showing an overview of your answers, comments, and evidence attachments.
OneTrust helps store and organize PIMS documentation in a central location for access by the PIMS team and other need-to-know personnel.
Simplify PIMS Planning
The OneTrust ISO 27701 Privacy Information Management System (PIMS) Planning template assists with decision-making according to clause 5 of the ISO 27701 standard. Evaluate your organization and its context, understand the needs and expectations of interested parties, determine the scope of the PIMS, identify leadership roles and responsibilities, and more.
Easily Create, Review, Update, and Control Documentation
OneTrust provides a central privacy management platform to store and organize PIMS documentation for access by the PIMS team and other need-to-know personnel.
Ensure All Employees and Contractors Receive Privacy Training
Leverage awareness training content created by privacy professionals to train, test, and record employee attestation to acceptable use policies and employee responsibility documents.
Optimize the Auditing Process with Customizable Checklists
Use the OneTrust ISO 27701 Audit Checklist template, a fully customizable questionnaire based on ISO 27701, to assist in conducting internal or external audits to evaluate the maturity and overall effectiveness of the PIMS, and to track corrective action plans.
Establish, Maintain, and Preserve Records of Processing Activities
With OneTrust, you can create and maintain inventories of your organization’s assets and vendors, the risks associated with each, and their owners within the organization. With Data Mapping Automation, collect information about the purpose, type, and process by which personal data is collected, used, stored, and transferred, and generate visualizations and data flow diagrams for easier analysis and executive communication.
Automate Your Risk Assessment and Treatment Plan
Use OneTrust PIA and DPIA Automation, and an extensive gallery of questionnaire templates, to identify and calculate risks to individuals as a result of processing their personal information, and to craft and track risk treatment plans.
Streamline Supplier, Processor, and Vendor Management
Use OneTrust third-party risk management software to automate the vendor engagement lifecycle, from onboarding to offboarding, to help obtain and maintain ISO 27701 certification.
Put Incident Management and Breach Response Procedures into Action
Enable self-service reporting of security incidents and weaknesses, maintain incident and breach records, evaluate against breach notification obligations, and analyze overall risk with connections to your underlying inventories of data, processing activities, assets and vendors.
Meet Data Subject and Consumer Rights Requirements