
ISO/IEC 27701: Stand-alone PIMS is Coming!

Are You Prepared?

The world of data privacy is constantly evolving, and so are the standards that govern it. Get ready for a significant shift in privacy information management: the new ISO/IEC 27701 standard is on the horizon, expected to be released around March 2025. This updated version brings a game-changing development: the Privacy Information Management System (PIMS) will become a standalone system, independent of ISO/IEC 27001. This blog post will break down what this means for your organisation and how you can prepare.

What's Changing?

The PIMS

The biggest change in the upcoming ISO/IEC 27701 standard is the decoupling of the PIMS from ISO/IEC 27001. In the 2019 version, implementing a PIMS was tied to having an existing ISO/IEC 27001 Information Security Management System (ISMS). This is no longer the case.

Standalone

  • Organisations will now be able to implement a PIMS independently, without needing to have ISO/IEC 27001 in place. This opens the door for a wider range of organisations to adopt robust privacy management practices.

Advantage for Existing ISO/IEC 27001 Certification Holders

  • If your organisation already has ISO/IEC 27001 certification, you'll be well-positioned to implement the new ISO/IEC 27701 standard. You'll already have many of the foundational elements in place, giving you a head start.

Preparing for ISO/IEC 27701

With the new standard on its way, now is the time to start preparing. Here are some key steps you can take:

Review Your Current Privacy Practices

Assess your existing privacy policies, procedures, and controls to identify any gaps.

Update Your Scope, Policies, and Responsibilities

Ensure your documentation reflects the standalone nature of the PIMS and clearly defines roles and responsibilities related to privacy management.

Revisit Your Risk Management Approach

Adapt your risk assessment and management processes to specifically address privacy risks.

Stay Informed

Keep up-to-date with the latest developments regarding the ISO/IEC 27701 standard and any guidance released by ISO.

Who Does This Apply To?

The ISO/IEC 27701 standard is designed for any organisation that processes Personally Identifiable Information (PII), including:

  • Public and private companies
  • Government entities
  • Non-profit organisations

Lead the Way in

The upcoming ISO/IEC 27701 standard represents a significant step forward in data privacy management. By embracing the standalone PIMS, organisations can demonstrate a strong commitment to protecting personal information and building trust with their stakeholders. Don't miss the opportunity to enhance your privacy strategy and lead the way in data protection – contact Risk Associates today!

Copyright ©2024. All Rights Reserved Risk Associates