Once you have familiarised yourself with the requirements, you’re ready to begin implementing ISO/IEC 27701 and show you take protecting personal information seriously.
Here are our top tips for successful ISO/IEC 27701 implementation:
- Secure commitment across your organization, including your leadership team, employees and supply chain
- Regularly engage with your leadership team and key stakeholders
- Clearly define your role as a data processor, controller or both
- Compare your existing privacy processes and controls with ISO/IEC 27701 requirements
- Get supply chain and stakeholder feedback on your current privacy processes and controls
- Establish an implementation team to get the best results
- Map out and share roles, responsibilities and timescales
- Adapt the basic principles of the ISO/IEC 27701 standard to your organization
- Motivate and support your staff through training courses
- Create a more consistent approach throughout the data processing supply chain by encouraging others to implement ISO/IEC 27701
- Consider BSI software to help capture and manage your ISO/IEC 27701 audits, findings, incidents and risks more effectively
- Regularly review your ISO/IEC 27701 system to make sure it remains effective and that you are continually improving it
