BS ISO/IEC 27701:2019 security techniques, requirements and guidelines for privacy information management

BS ISO/IEC 27701:2019

Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines

Status : Current   Published : August 2019





What is this standard about?  

In anticipation of the changing regulatory landscape and the need for a common set of concepts to tackle personal data protection, ISO and the IEC have developed this standard as a privacy extension to BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002. These two standards deal with requirements for an Information Security Management System (ISMS).
BS EN ISO/IEC 27701 deals with how to establish and run a Privacy Information Management System (PIMS) that adds Personally Identifiable Information (PII) security protection to an existing ISMS.

Who is this standard for?

It applies to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations. Within these, it applies specifically to:

  • PII controllers (including those who are joint PII controllers)
  • PII processors processing PII within an ISMS

Why should you use this standard?

Because it specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002 for privacy management within the context of the organization.

It specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

The standard can help organizations demonstrate compliance with GDPR and other data protection regulations globally by showing that the right measures have been taken to handle personal information in a way that aligns with regulatory requirements.

Moreover, many organizations have implemented an ISMS based on BS EN ISO/IEC 27001 (and the guidance from BS EN ISO/IEC 27002). This standard provides a natural step for those clients by extending their current ISMS for privacy protection. It reduces complexity by having an integrated approach.

Finally, the standard helps create transparency between stakeholders and build trust between organizations; as such, it also contributes to more effective and collaborative business agreements.

NOTE: To use BS ISO/IEC 27701 you need to have BS EN ISO/IEC 27001, since BS ISO/IEC 27701 extends the requirements in BS EN ISO/IEC 27001.

If you do not have BS EN ISO/IEC 27001, instead use BS 10012 for your Privacy Information Management System because it doesn’t depend on BS EN ISO/IEC 27001. 

Standard Number: BS ISO/IEC 27701:2019
Title: Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines
Publication Date: 07 August 2019
Normative References (Required to achieve compliance to this standard): ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO/IEC 27000, ISO/IEC 29100
Informative References (Provided for Information): ISO/IEC 27018, ISO/IEC 20889, ISO/IEC 19944, ISO/IEC 27035-1, ISO/IEC 29151, ISO/IEC 29134, ISO/IEC 29101, ISO/IEC 27005, ISO/IEC/DIS 29184
International Relationships: ISO/IEC 27701:2019
Draft Superseded By: 19/30351735 DC
Descriptors: Data management, Risk assessment, Data organization, Document security, Data security
Title in French: Techniques de sécurité. Extension d'ISO/IEC 27001 et ISO/IEC 27002 au management de la protection de la vie privée. Exigences et lignes directrices
ISBN: 978 0 580 96439 8
File Size: 1.76 MB
