Who should use ISO/IEC 27701?
ISO/IEC 27701 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations. It provides guidance for organizations that are responsible for processing Personally Identifiable Information (PII) within an information security management system (ISMS), specifically:
- PII controllers (including those who are joint PII controllers)
- PII processors