The Much Anticipated ISO 27701

October 3, 2019

The market has eagerly anticipated the release of this standard, titled "Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines." Its objective is to give organizations additional requirements and guidance specific to elements of the information security management system (ISMS), along with additional control guidance and implementation requirements for the controls noted within Annex A (with consideration of those from ISO/IEC 27018 and ISO/IEC 29100). Together, these support an effective privacy information management system (PIMS) as an extension to an organization’s ISMS.

The beauty of ISO 27701 is that it is intended to be applicable to any organization that would be considered a controller or processor of personally identifiable information (PII) in the context of its ISMS.
