top of page

Enhance Your Organization's Data Privacy with Effective Management


In a world where data privacy is increasingly crucial, implementing effective Privacy Information Management Systems (PIMS) is an absolute must for all organizations. Whether you're an experienced privacy officer or a novice in the field, "Mastering ISO 27701" by Kris Hermans offers a comprehensive, step-by-step guide to understanding, implementing, and optimizing the ISO 27701 standard.


What You'll Learn from "Mastering ISO 27701"

  • Decipher the ISO 27701 Standard: Unravel the complexities of ISO 27701 and understand its requirements with ease.


  • Practical Implementation Guidance: Discover how to efficiently implement ISO 27701 within your organization, irrespective of its size or industry.


  • Continuous Improvement Opportunities: Learn how to identify and integrate continuous improvements into your privacy information management system.


  • Audit Readiness: Equip yourself to prepare for and handle ISO 27701 audits with confidence and minimal stress.


  • Promote Data Privacy & Security: Leverage ISO 27701 to enhance your organization’s data privacy, improve regulatory compliance, and bolster data security.

Mastering ISO 27701

  • Chapter 1: Introduction to ISO 27701

    • Overview of ISO 27701 and its significance in managing privacy information
    • Understanding the relationship between ISO 27701, ISO 27001, and GDPR
    • Benefits of implementing ISO 27701 for organizations

    Chapter 2: Key Principles and Requirements of ISO 27701

    • Exploring the core principles and concepts of ISO 27701
    • Understanding the scope, objectives, and applicability of the standard
    • Navigating the key requirements of ISO 27701 in relation to privacy information management

    Chapter 3: Preparing for ISO 27701 Implementation

    • Gaining leadership commitment and support for the implementation process
    • Establishing an implementation team and defining roles and responsibilities
    • Conducting a gap analysis to assess current privacy practices and identify areas for improvement

    Chapter 4: Scoping and Planning the Privacy Information Management System (PIMS)

    • Defining the scope of the PIMS implementation based on organizational needs and legal requirements
    • Developing a comprehensive project plan, including timelines, resource allocation, and milestones
    • Identifying privacy objectives and determining metrics for measuring success

    Chapter 5: Privacy Risk Assessment and Management

    • Conducting a privacy risk assessment to identify and evaluate privacy risks and vulnerabilities
    • Establishing controls and safeguards to mitigate identified risks
    • Implementing a risk treatment plan and monitoring effectiveness of controls

    Chapter 6: Implementing Privacy Controls and Processes

    • Designing and implementing privacy controls in alignment with ISO 27701 requirements
    • Establishing procedures and processes for handling personal information, including consent management, data subject rights, and breach notification
    • Integrating privacy considerations into business processes and activities

    Chapter 7: Training, Awareness, and Communication

    • Developing a privacy training program to enhance employees' understanding of privacy principles, legal obligations, and organizational policies
    • Raising awareness among employees about privacy risks, data protection, and their roles and responsibilities
    • Establishing effective communication channels for privacy-related matters, including reporting incidents and concerns

    Chapter 8: Supplier and Third-Party Management

    • Assessing and managing privacy risks associated with suppliers and third-party relationships
    • Developing a process for evaluating and monitoring the privacy practices of external entities
    • Establishing contractual provisions and safeguards to ensure compliance with privacy requirements

    Chapter 9: Monitoring, Measurement, and Continuous Improvement

    • Establishing a monitoring and measurement framework to assess the effectiveness of the PIMS
    • Conducting internal audits to evaluate compliance and identify areas for improvement
    • Implementing a process for continuous improvement, including corrective actions and preventive measures

    Chapter 10: Documentation and Record Keeping

    • Developing the necessary documentation for the PIMS, including policies, procedures, and records
    • Establishing a document control system to ensure the accuracy, accessibility, and version control of privacy-related documents
    • Maintaining records of incidents, audits, training, and other privacy-related activities

    Chapter 11: Certification and Beyond

    • Preparing for ISO 27701 certification audits and selecting a reputable certification body
    • Understanding the certification process and requirements
    • Leveraging ISO 27701 certification to demonstrate compliance with privacy regulations and enhance trust with stakeholders


    • Sample forms, templates, and checklists to support ISO 27701 implementation
    • Additional resources and references for further reading and guidance
bottom of page