Call for expressions of interest
Accreditation for Certification to ISO 27701:2019 Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines
ISO 27701 was published in August 2019. It is an extension standard to ISO 27001 and 27002 for Privacy Information Management Systems (PIMS) and is applicable to all types and sizes of organisations which are Personally Identifiable Information (PII) controllers and/or PII processors processing PII within an Information Security Management System (ISMS).
BQMS is seeking feedback from certification bodies about the standard to determine the need for BQMS to develop accreditation services to support accredited certification to ISO 27701. The accreditation would be under ISO 17021-1 for the certification of a management system.
As the new standard relates to personally identifiable data, there is a mapping (in Annex D) to the EU GDPR (General Data Protection Regulation). Please note that accredited certification for the GDPR must be based on accreditation to ISO 17065 using a certification scheme approved by the Information Commissioner's Office (see GDPR, Art 42 and 43). Accredited certification of a management system for ISO 27701 under ISO 17021-1 would not meet these criteria.
In responding to this call for expressions of interest, could you please provide the following information: