ISO 27701 Privacy of Personally Identifiable Information
Implement, manage and maintain all requirements required by ISO 27701 in an automated manner

Discover our PII software

With GlobalSuite® you can implement the requirements to administer, manage data and protect the privacy of personally identifiable information (PII) without the need to develop a new management system. The platform is designed to allow the addition of industry-specific requirements by complementing the requirements and controls established by the ISO 27001 standard and the ISO 27002 Best Practice Guide

Processing of personal information

The processing of personal information is not something new today, but it is the exponential use that is being given due to the need for exchange between departments of the same company or more if possible, between different organizations for the correct provision of services, which makes it necessary to verify that this information is properly managed and protected by a Privacy Information Management System (PIMS),in accordance with country-specific legislation and regulations.

It allows the implementation of the entire PAPERLESS system, since everything is recorded on the platform and has a document manager that will help you when managing all the documentation inherent to the Data Protection regulations and with full traceability of all actions carried out.


Risk Identification

Guidance of services and processes through asset inventory. Configuration of dimensions and valuation levels.

Risk Management

Catalogue of configurable controls and summary of them, management settings, risk reassessment, parameterizable questionnaires.

Risk Analysis

Parameterization of probability and impact, risk assessment, cost analysis, asset threats and configurable.

Risk Assessment

Definition of acceptable risk, acceptable risk levels, risk listing, risk map, simultaneous or dependent risks.

SGSI processes

It allows to manage the proposal of indicators, Differential Analysis, Declaration of Applicability, capacity management, management of changes and acquisitions, etc.

Continuity, Capacity and Training Plans

It allows you to track a history of each plan and assign metrics for tracking.

Integration with Power BI

It exploits GlobalSUITE data to the maximum® by making an executive dashboard in a Business Intelligence tool such as PowerBI.

Documentary Manager

It allows the control of all the documentation, in different formats, to support the management of the continuity of the company.

Balanced Scorecard

The comprehensive dashboard enables the management and strategic control of the organization through different metrics and indicators.

World-class companies and organizations already trust us
GlobalSUite imagen fondo Producto
Information Privacy Consulting and Auditing

Do you know how you need to extend the requirements of ISO 27001 and ISO 27002 to take cloud privacy protection into account?

ISO 27701 refers to the data protection legislation in force in the country where it is implemented, which is an ideal basis for all those organizations that want to provide a trust in their customers, supported by a process of continuous improvement and transparency of their processes and procedures, as it is estimated that this standard can cover future certifications associated with the General Data Protection Regulation (GDPR) as it is a certifiable standard associated with ISO 27001.

In a more detailed way ISO 27701 extends the requirements of ISO 27001 and ISO 27002 to take into account the protection of privacy, potentially affected by the processing and processing of personal information, in the following sections:

  • Clause 5: The requirements set out in this section are traceable with paragraphs 4 to 10 of ISO 27001, extending the requirements on information protection specifically for paragraph 4 on the organizational context and paragraph 6 planning for risk management, not providing additional needs in the rest of the paragraphs.
  • Clause 6: This section extends the requirements set out in the ISO 27002 Good Practice Guide and the controls set out in Annex A to ISO 27001, reviewing the 114 controls and extending the requirements on the protection of information in controls domains 5 through 18, with the exception of domain 17 (Information Security in Business Continuity) where no additional measures are established to existing ones.
  • Clause 7: Determines additional controls and implementation guidance for Personally Identifiable Information (PII) owners. These controls must not be implemented in their entirety, but their applicability or exclusion must be duly justified.
  • Clause 8: Similar to the requirements of clause 7, this section establishes additional controls and an implementation recommendation for those responsible for processing personal information of contracted third parties, also taking into account whether they, in turn, outsource services.

The standard is intended to be used by all types of organizations, regardless of their size, complexity or the country in which they operate.

Our role in carrying out the Consulting of your organization for the implementation, management and maintenance of all the requirements required by ISO 27701 in its sector of action.

GSS Fondo chica con ordenador

The solution at a glance
Thanks to the integrated approach of GlobalSuite®, you can take advantage of the foundation of the solution to grow with the different modules and tools that make up the platform, and thus take advantage of the synergies and the corresponding savings in costs and time. The platform can be licensed in an integrated form or separately from each of its products.
Let's start a new project together