ISO 27701 Certification

Privacy Compliance

Want to shield your company from information security risks, meet compliance obligations
and win new business? Our experienced ISO 27701 consultants can help.


What is ISO 27701?

Standard for effective data privacy controls

The ISO 27701 Standard has been introduced to help organisations protect and manage the control and processing of personal information. In conjunction with ISO 27001, ISO 27701 can be applied to companies of all sizes, in any sector, and in any country.

Achieving certification provides independent assurance to your existing and potential customers that you have appropriate data protection controls in place. It can give you that vital edge over your competitors.

Staff and regulatory bodies will also know that you are an organisation that has the highest standards of personal information management.

What are the benefits?

Protect and manage personal information with UKAS accredited ISO 27701 certification

  • Supports compliance with privacy regulations
  • A core requirement for engaging and building trust with customers to manage their personal information
  • Supports organisations in the effective identification and management of privacy and organisational risks
  • Drives the formalisation of data protection/privacy and information security processes, procedures and documentation
  • Supports employees and contractors in fulfilling contractual, legislative and company-specific privacy management responsibilities
  • Shows ethical responsibility and commitment to protecting information to stakeholders, customers and the public
  • Provides a framework for meeting future regulatory requirements

How we can help

ISO 27701 gap analysis, certification, audit and management

Siguiente consultants will review your organisation’s current data protection and information security processes against the requirements of the ISO 27701 Standard, and work with you to identify the necessary controls to achieve compliance. If required, our consultants will then assist you in ultimately achieving ISO 27701 certification.

Integrated Management Systems

Combining ISO 27701 with other ISO standards

Are you considering achieving combined certifications for ISO 27701 alongside other Standards such as ISO 27001 (Information Security), ISO 9001 (Quality) or ISO 20000 (IT Service Management) for example? Do you already have certification to other ISO Standards and want to integrate ISO 27701 requirements with them? Siguiente consultants specialise in this combined approach, that is, implementing Integrated Management Systems.

For organisations that need to achieve two or more ISO standards, there are significant advantages in implementing these standards in parallel rather than taking a phased approach; in particular, the internal and external incremental costs can be significantly reduced. There are also significant resource economies to be achieved with projects addressing multiple ISO standards, e.g. one gap analysis, one implementation programme, less potential for duplication and more effective integration of your management systems. Maintenance of an integrated management system is also more efficient in terms of audits, management review, documentation and continued assessment.

Protect the privacy of your data subjects

Industry best practice

ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls. The Standard provides a framework for ensuring the appropriate protection and management of personal information and assists in demonstrating an ongoing commitment to compliance with privacy regulations around the world.

Our consultants will conduct reviews of your current level of compliance, including current data protection and information security policies, procedures and practices within your organisation and examine their effectiveness.

Siguiente can then help your organisation to implement a compliant privacy information management system ensuring the selection of adequate and proportionate data protection controls which support your organisation in the protection of the privacy of existing and potential customers, staff and any other applicable data subjects.

Where to start

Compliance gap analysis

Ahead of embarking on certification, you may be looking for guidance on the identification of any compliance gaps and/or the implementation of controls.
Siguiente can support you with any of the following:

  • General Data Protection/Privacy Consultancy
  • GDPR Gap Analysis
  • Development and/or integration of Data Protection and Information Security related Policies and Procedures (e.g. Data Protection Overview (Policy), Subject Access Requests, DPIAs, Risk Assessment, Data Breach/Incident Response, etc.)
  • Data Protection Auditing (which can be integrated with your company’s existing audit plans, e.g. ISO 27001)
  • Support with development of Privacy Notices/Statements
  • Support with Data Protection Impact Assessments (DPIAs)
  • Support with Legitimate Interest Assessments (LIAs)
  • Support with Data Breach Incident Response Testing
  • Development, Issue and Review of Supplier (Processor) Data Protection & Security Questionnaires
  • Supplier (Processor) Data Protection & Security Auditing
  • Data Protection Training Services
  • Support with the development of Records of Processing Activities (ROPA)
  • ISO 27001 Posture Assessment – Information Security Management System (ISMS) Requirements
  • ISO 27017 Posture Assessment – Cloud Services, Code of Practice for Information Security Controls
  • ISO 27018 Posture Assessment – Code of Practice for Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors

What happens next?

The certification process and maintaining certification

To find out more about our ISO 27701 certification process, please click here

If you already have ISO 27701 certification, please click here to find out more about how we can help you maintain and improve your existing management system.

Other information security services

Information security compliance (PCI DSS, Cyber Essentials, DSP toolkit)

In addition to ISO 27701 consultancy, we also provide a comprehensive service to assist organisations in achieving compliance and certification with the PCI DSS (Payment Card Industry Data Security Standard) including QSA Assessments, Cyber Essentials, DSP Toolkit submissions (for NHS Partners), Supply Chain Security Audits and Assessments, and Physical Security Assessments.

Our knowledge and experience across a broad base of management and technical Standards make us uniquely equipped to help organisations to develop an information security management system and integrate with existing management systems to achieve all the associated economies and efficiencies in the system design, implementation and maintenance.

Why choose Siguiente?

Our ISO 27701 Experience

Since 2007, Siguiente consultants have been instilling absolute quality into the delivery processes of a huge range of organisations, from SMEs to large corporates. Our team of qualified professionals (including CISSP, PCI Security Standards Council QSA, MBCI, GDPR, IEMA, ESOS and CMIOSH qualified consultants) have developed and led UKAS accredited ISO and other standards-based service improvement programmes for private and public-sector organisations across the UK, EMEA, US and beyond, for businesses of from 5 to over 20,000 people.


This experience, and the huge success of both the project delivery and maintenance phases of our standards-based practices, has been firmly based on two key principles: the ability of Siguiente consultants to look beyond the standard in question and identify, define and align with the real business drivers of our customers, and our innate ability to become one with our customers’ own management teams.

Interested in our ISO 27701 Consultancy Services?

Contact us today