OUR SERVICES

ISO 27701 Privacy Certification

ISO 27701 - Privacy Information Management (PIM) Certification

Would you like to be certified to a globally recognised standard which addresses the challenge of GDPR and Data Protection Act compliance and provides assurance that your organisation has effective data protection controls in place? If so, Teamwork IMS consultants can help.

INTERNATIONAL STANDARDS

About ISO 27701

The ISO 27701 Standard has been introduced to help organisations protect and manage the control and processing of personal information. In conjunction with ISO 27001, ISO 27701 can be applied to companies of all sizes, in any sector, and in any country.

Achieving certification to ISO 27701 provides independent assurance to your existing and potential customers that you have appropriate data protection controls in place. It can give you that vital edge over your competitors.

Staff and regulatory bodies will also know that you are an organisation that has the highest standards of personal information management.

WE CAN HELP YOU ACHIEVE ISO 27701 CERTIFICATION

Teamwork consultants will review your organisation’s current data protection and information security processes against the requirements of the ISO 27701 Standard, and work with you to identify the necessary controls to achieve compliance with ISO 27701. If required, our consultants will then assist you to ultimately achieve ISO 27701 certification.

COMBINING ISO 27701 WITH OTHER ISO STANDARDS

Are you considering achieving combined certifications for ISO 27701 alongside other Standards such as ISO 27001 (Information Security), ISO 9001 (Quality) or ISO 20000 (IT Service Management)? Do you already have certification to other ISO Standards and want to integrate ISO 27701 requirements with them? Teamwork IMS consultants specialise in this combined approach, that is, implementing Integrated Management Systems.

For organisations that need to achieve two or more ISO standards, there are significant advantages in implementing these standards in parallel rather than taking a phased approach. In particular, the internal and external incremental costs can be significantly reduced. There are also significant resource economies to be achieved with projects addressing multiple ISO standards, e.g. one gap analysis, one implementation programme, less potential for duplication and more effective integration of your management systems. Maintenance of an integrated management system is also more efficient in terms of audits, management review, documentation, and continued assessment.

ISO 27701 CERTIFICATION - PROTECTING THE PRIVACY OF YOUR DATA SUBJECTS

ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls. The Standard provides a framework for ensuring the appropriate protection and management of personal information and assists in demonstrating an ongoing commitment to compliance with privacy regulations around the world.

Teamwork ISO 27701 consultants will conduct reviews of your current level of compliance, including current data protection and information security policies, procedures and practices within your organisation and examine their effectiveness.

Teamwork can then help your organisation to implement an ISO 27701 compliant privacy information management system ensuring the selection of adequate and proportionate data protection controls which support your organisation in the protection of the privacy of existing and potential customers, staff and any other applicable data subjects.

DATA PROTECTION/PRIVACY CONSULTANCY

Ahead of embarking on a certification you may be looking to seek guidance on the identification of any compliance gaps and/or the implementation of controls.
Teamwork can support you with any of the following:

  • General Data Protection/Privacy Consultancy
  • GDPR Gap Analysis
  • Development and/or integration of Data Protection and Information Security related Policies and Procedures (e.g. Data Protection Overview (Policy), Subject Access Requests, DPIAs, Risk Assessment, Data Breach/Incident Response etc)
  • Data Protection Auditing (which can be integrated with your company’s existing audit plans, e.g. ISO 27001)
  • Support with development of Privacy Notices/Statements
  • Support with Data Protection Impact Assessments (DPIAs)
  • Support with Legitimate Interest Assessments (LIAs)
  • Support with Data Breach Incident Response Testing
  • Development, Issue and Review of Supplier (Processor) Data Protection & Security Questionnaires
  • Supplier (Processor) Data Protection & Security Auditing
  • Data Protection Training Services
  • Support with the development of Records of Processing Activities (ROPA)
  • ISO 27001 Posture Assessment – Information Security Management System (ISMS) Requirements
  • ISO 27017 Posture Assessment – Cloud Services, Code of Practice for Information Security Controls
  • ISO 27018 Posture Assessment – Code of Practice for Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors

BENEFITS OF ISO 27701 CERTIFICATION

  • Supports compliance with privacy regulations
  • Fulfils core requirements for engagement with customers and other interested parties and builds trust in managing their personal information
  • Supports organisations in the effective identification and management of privacy risks and organisational risks, including those in their supply chains
  • Drives the formalisation of data protection/privacy and information security processes, procedures and documentation
  • Supports awareness of all employees and contractors so they can identify and fulfil contractual, legislative and company specific privacy management responsibilities
  • Makes visible to all stakeholders the good governance controls and best practice processes implemented within your organisation
  • Provides a solid foundation for further development of management systems to embrace other industry standards that are likely to become important in the future

THE CERTIFICATION PROCESS AND MAINTAINING CERTIFICATION

To find out more about our ISO 27701 certification process, please click here

If you already have ISO 27701 certification, please click here to find out more about how we can help you maintain and improve your existing management system.

OTHER INFORMATION SECURITY SERVICES

In addition to ISO 27701 consultancy, we also provide a comprehensive service to assist organisations in achieving compliance and certification with the PCI DSS (Payment Card Industry Data Security Standard) including QSA Assessments, Cyber Essentials, DSP Toolkit submissions (for NHS Partners), Supply Chain Security Audits and Assessments, and Physical Security Assessments.

Our knowledge and experience across a broad base of management and technical Standards makes us uniquely equipped to help organisations to develop an information security management system and integrate with existing management systems to achieve all the associated economies and efficiencies in the system design, implementation and maintenance.

OUR ISO 27701 CONSULTANTS

Since 2007, Teamwork has been instilling absolute quality into the delivery processes of a huge range of organisations, from SMEs to large corporates. Our team of quality professionals (including CISSP, PCI Security Standards Council QSA, MBCI, GDPR, IEMA, ESOS and CMIOSH qualified consultants) have developed and led UKAS accredited ISO and other standards-based service improvement programmes for private and public-sector organisations across the UK, EMEA, US and beyond, in businesses of 5 to over 20,000 people.

This experience, and the huge success of both the project delivery and maintenance phases of our standards-based practices, has been firmly based on two key principles: the ability of Teamwork consultants to look beyond the standard in question and identify, define and align with the real business drivers of our customers, and our innate ability to become one with our customer’s own management teams.

INTERESTED IN OUR ISO 27701 CONSULTANCY SERVICES?

Please contact us now