ISO 27701:2019 - GDPR Compliance Guide

ISO/IEC 27001 objectives for leadership, planning, support, operation, performance assessment, and growth must be examined and expanded as necessary to provide privacy protection. In particular, risks to information and to the processing of PII must now be examined and addressed accordingly. The key requirements of ISO/IEC 27701 include: scope, normative references, terms and definitions, specific ISO/IEC 27001 and ISO/IEC 27002 criteria for a PIMS, and additional information and recommendations for PII controllers.
Guidance is provided to help you identify and keep the documents you need to establish compliance with the agreed-upon PII processing you do. Thorough guidance on PII sharing, transfer, and disclosure is also provided, covering jurisdictional transfers, third-party and subcontractor responsibilities, and the management of legally enforceable PII disclosures.