ISO 27701 is a certifiable extension of ISO 27001 that specifies the requirements for establishing, implementing, maintaining, and continually improving a privacy information management system (PIMS). ISO 27701 is a leading, formally certifiable, general-purpose privacy standard and one of the best options for formally certifying your privacy program to demonstrate compliance with common privacy laws.

Who should be ISO 27701 compliant?

  • Any ISO 27001-certified organization looking for third-party certification of its privacy program.
  • Companies looking to formally certify their privacy program against the ISO compliance standards.

Why should my company be ISO 27701 compliant?

  • ISO 27701 is the leading, formally certifiable, general-purpose privacy standard. It is one of the best options for formally certifying your privacy program to demonstrate compliance with common privacy laws such as GDPR.

What is the timeline for ISO 27701 compliance?

  • Approximately 40-80 hours. Keep in mind that to achieve ISO 27701 compliance, a company must also be ISO 27001 certified.

What can Vanta automate?

  • All controls have automated tests and automated requests for the expected evidence documents.


Does ISO 27701 compliance require a formal audit?

  • Yes, this certification does require a formal audit, and the company must also be ISO 27001 certified. Most companies align their ISO 27001 and ISO 27701 certification efforts and have both audits performed together.

What is the complexity when compared to other popular standards?

  • ISO 27701's complexity is similar to that of GDPR and lower than that of a SOC 2 attestation.