With ISO 27701, you can add relevant data protection-specific requirements to your existing information security management system (ISMS) in accordance with ISO 27001. The international standard ISO 27701 can also serve as a systematic basis for successfully integrating the requirements of the GDPR into data protection management.
ISO 27701 is an extension of ISO 27001. It contains requirements and guidelines for the protection of privacy and the handling of personal data.
In this way, ISO 27701, building on ISO 27001, forms a framework for a privacy information management system (PIMS) that covers both information security and the protection of the personal data an organisation processes.
ISO 27701 is not a direct GDPR certification, but can be used as a basis for integrating the GDPR requirements into the management system.
In principle, ISO 27701 is aimed at any organisation that processes personal data, regardless of its size and type.
However, the international standard is particularly relevant for organisations that
Certification in accordance with ISO 27701 does not constitute direct certification in accordance with Art. 42 GDPR. However, it can be regarded as a systematic framework for successfully integrating the requirements of the GDPR into the existing management system.
The ISO 27701 certificate is valid for a maximum of 3 years.
A surveillance audit must be carried out in the first and second year after successful certification. After 3 years, a recertification audit is carried out to check whether the requirements for renewing the certificate are still met.
As every company has different requirements and the demands placed on a management system vary, the question of the cost of ISO 27701 certification cannot be answered in general terms.
In principle, the number of audit days required for the two certification audits (stage 1 and stage 2) is decisive. Smaller and medium-sized companies generally require fewer days, while larger companies and groups should plan more time and budget accordingly.
We would be happy to provide you with a customised quote.
As ISO 27701 is an extension of ISO 27001 to include data protection, it can only be certified together with ISO 27001.
The necessary prerequisite for ISO 27701 certification is therefore an existing ISMS that fulfils the requirements of ISO 27001 or is already certified in accordance with it.
Do you already have an ISO 27001 certificate?
In this case, your privacy information management system is audited separately in accordance with ISO 27701. The validity period of the resulting certificate is aligned with the remaining term of your ISO 27001 certificate.
Your ISO 27001 certificate is expiring?
In this case, it makes sense to synchronise the audits for ISO 27001 and ISO 27701.
Are you aiming for joint certification to ISO 27001 & ISO 27701?
If you start with ISO 27001 and ISO 27701 at the same time, the audits for the two standards will be synchronised.