ISO 27701 provides organisations with a data protection add-on to their existing ISO 27001 certification. This can be applied to current ISO 27001 certifications or be implemented at the same time as ISO 27001.
This certification is the only certifiable standard that is available to demonstrate compliance with various data protection legislation including EU GDPR and the UK Data Protection Act 2018.
There are significant commercial benefits to be obtained from having this certification. It will offer your organisation a competitive advantage in future procurement scenarios. Most organisations don't have it, so getting ahead of the game will make you stand out from the crowd. It will also enable you to manage data protection in a formal and structured manner, demonstrating compliance to your clients and business prospects.
We start the process by undertaking a detailed gap analysis of the organisation and its approach to controlled data protection measures.
The assessment is aligned to the control requirements of the ISO 27701 standard.
Once the gaps are reviewed and documented the next step is to apply the required controls.
This is documented in a ‘statement of applicability’ which defines how the standard is going to apply to your organisation and sit alongside the controls for ISO 27001.
At this point, we have understood the gaps in compliance and we have documented and agreed the controls we need to implement.
The obvious next step is to develop a suitable plan for control implementation, covering the change management and target operating model changes that will be required.
We would then adopt our ISO 27701 toolkit of documentation to fast track this key stage of the implementation.
Documentation would need to be fully aligned with the desired working practices and involves significant effort to review and refine as required.
Apart from documentation, the standard requires a significant change to many privacy operational processes and procedures.
The lead implementer is heavily involved at this stage in managing that change within the organisation.
Usually after a few months the organisation is ready for its internal audit. This is undertaken as if it were a certification audit and requires a total review of the implementation.
The audit findings are then produced and a report is issued with all observations and any non-conformities.
Once the internal audit has been completed successfully, the organisation is then ready for its external certification audit which is undertaken by an authorised third-party.
We are on hand to support our clients during this phase of the implementation including being in attendance during the actual certification audit itself.
The standard involves the creation of additional controls for data protection and the creation of a Personal Information Management System (PIMS).
The ISO 27701 implementation requires an additional 49 controls to be implemented, focused on the protection of personal data. Other existing ISO 27001 controls will need to be amended in conjunction with the implementation of the new ones.
Annex A – This focuses on obligations of the Data Controller.
Annex B – This focuses on the obligations of the Data Processor.
Annex C – This focuses on the data privacy principles as outlined in ISO 29100.
Annex D – This focuses on the alignment with the General Data Protection Regulation (GDPR).
Annex E – This covers other legislation such as HIPAA and CCPA.
We have years of experience in implementing ISO 27701. Our customer base is broad and covers many different types and sizes of organisations.
Cyber Security 4 you is a trading name of Cyber21 Limited, a UK registered Limited Company.
The company provides affordable and cost-effective cyber security and data protection services and solutions.
Cyber21 Limited © Copyright 2025