Top tips for implementing ISO/IEC 27701

How do I implement ISO/IEC 27701?

Once you have familiarised yourself with the requirements, you’re ready to begin implementing ISO/IEC 27701 and show you take protecting personal information seriously.

Here are our top tips for successful ISO/IEC 27701 implementation:

  • Secure commitment across your organization, including your leadership team, employees and supply chain
  • Regularly engage with your leadership team and key stakeholders
  • Clearly define your role as a data processor, controller or both
  • Compare your existing privacy processes and controls with ISO/IEC 27701 requirements
  • Get supply chain and stakeholder feedback on your current privacy processes and controls
  • Establish an implementation team to get the best results
  • Map out and share roles, responsibilities and timescales
  • Adapt the basic principles of the ISO/IEC 27701 standard to your organization
  • Motivate and support your staff through training courses
  • Create a more consistent approach throughout the data processing supply chain by encouraging others to implement ISO/IEC 27701
  • Consider BSI software to help capture and manage your ISO/IEC 27701 audits, findings, incidents and risks more effectively
  • Regularly review your ISO/IEC 27701 system to make sure it remains effective and that you are continually improving it