Privacy Information ISO 27701

Implement, manage and maintain all requirements required by ISO 27701 in an automated manner

Discover our PII software

With GlobalSUITE® you can implement the requirements to manage, manage data and protect the privacy of personally identifiable information (PII) without the need to develop a new management system. The platform is designed to allow the addition of industry-specific requirements by complementing the requirements and controls established by the ISO 27001 standard and the ISO 27002 Best Practice Guide

Processing of personal information

The processing of personal information is not something new today, but it is the exponential use that is being given due to the need for exchange between departments of the same company or more if possible, between different organizations for the correct provision of services, which makes it necessary to verify that this information is properly managed and protected by a Privacy Information Management System (PIMS),in accordance with country-specific legislation and regulations.

It allows the implementation of the entire WITHOUT Papers system,since everything is registered on the platform and has a document manager that will help you to manage all the documentation inherent in the Data Protection Regulations and with full traceability of all actions performed.

Request a demo

Features

Risk Identification

Guidance of services and processes through asset inventory. Configuration of dimensions and valuation levels.

Risk Management

Catalogue of configurable controls and summary of them, management settings, risk reassessment, parameterizable questionnaires.

Risk Analysis

Parameterization of probability and impact, risk assessment, cost analysis, asset threats and configurable.

Risk Assessment

Definition of acceptable risk, acceptable risk levels, risk listing, risk map, simultaneous or dependent risks.

SGSI processes

It allows to manage the proposal of indicators, Differential Analysis, Declaration of Applicability, capacity management, management of changes and acquisitions, etc.

Continuity, Capacity and Training Plans

It allows you to track a history of each plan and assign metrics for tracking.

Integration with Power BI

It exploits GlobalSUITE data to the maximum® by making an executive dashboard in a Business Intelligence tool such as PowerBI.

Documentary Manager

It allows the control of all the documentation, in different formats, to support the management of the continuity of the company.

Balanced Scorecard

The comprehensive dashboard enables the management and strategic control of the organization through different metrics and indicators.

ISO 27001 + ISO 27701 Integrated security and privacy model

Watch video

The solution at a glance

Thanks to GlobalSUITE’s integrated approach®, the solution’s foundation can be leveraged to grow with the different modules and tools that make up the platform, thereby taking advantage of synergies and corresponding cost and time savings. The platform can be licensed in an integrated form or separately from each of its products.

Product sheet

Request a demo

Our customers get more than software

In our organization we had been with the Systems of Continuity, Security and Protection of Data implemented for several years. Each was taken separately with its manager until we saw that it was no longer efficient to manage it as well. GlobalSUITE® was key in advising us throughout the implementation process on how to operate the systems in an integrated way, helping us achieve significant time savings and gain efficiency in the day to day.

CIO

GlobalSUITE® has been a great help in the process of continuous improvement and monitoring of our information security management system. We are very happy with the team about how they accompanied us in this transition from Excel to optimized management.

Director of Security

World-class companies and organizations already trust us

Information privacy consulting

Do you know how you need to extend the requirements of ISO 27001 and ISO 27002 to take cloud privacy protection into account?

Reference consulting

Thanks to the experience in our consulting and auditing services of ISO 27001 and ISO 27002 in all types of organizations and sectors of activity we will work on the execution of a consultancy to ensure that your company takes into account the protection of the potentially affected by the processing and processing of personal information.

Our Team

Our team has more than 15 years of experience and consists of: Lawyers and Engineers Lead Auditor, ISO 27001, ISO 20000, ISO 22301, Lead Implementer. CERTIFICATION of DPD CISA, CISM, CGEIT, CRISC PMP, ITIL, CDPP, COBIT 5 Foundations

ISO 27701 refers to the data protection legislation in force in the country where it is implemented, which is an ideal basis for all those organizations that want to provide a trust in their customers, supported by a process of continuous improvement and transparency of their processes and procedures, as it is estimated that this standard can cover future certifications associated with the General Data Protection Regulation (GDPR) as it is a certifiable standard associated with ISO 27001.

In a more detailed way ISO 27701 extends the requirements of ISO 27001 and ISO 27002 to take into account the protection of privacy, potentially affected by the processing and processing of personal information, in the following sections:

Clause 5: The requirements set out in this section are traceable with paragraphs 4 to 10 of ISO 27001, extending the requirements on information protection specifically for paragraph 4 on the organizational context and paragraph 6 planning for risk management, not providing additional needs in the rest of the paragraphs.
Clause 6: This section extends the requirements set out in the ISO 27002 Good Practice Guide and the controls set out in Annex A to ISO 27001, reviewing the 114 controls and extending the requirements on the protection of information in controls domains 5 through 18, with the exception of domain 17 (Information Security in Business Continuity) where no additional measures are established to existing ones.
Clause 7: Determines additional controls and implementation guidance for Personally Identifiable Information (PII) owners. These controls must not be implemented in their entirety, but their applicability or exclusion must be duly justified.
Clause 8: Similar to the requirements of clause 7, this section establishes additional controls and an implementation recommendation for those responsible for processing personal information of contracted third parties, also taking into account whether they, in turn, outsource services.

The standard is intended to be used by all types of organizations, regardless of their size, complexity or the country in which they operate.

Our role in carrying out the Consulting of your organization for the implementation, management and maintenance of all the requirements required by ISO 27701 in its sector of action.

''We adapt your organization to the new ISO 27701 standard to obtain successful certification''

Let’s start a new project together

Learn more

Discover our PII software

Information privacy consulting

What is ISO 27701 and what does it bring to your company?

Structure of the standard

Destination of the standard

Working methodology