ISO/IEC 27701: INTRODUCTION
The ISO/IEC 27701: Introduction course provides a structured overview of Privacy Information Management Systems (PIMS) based on ISO/IEC 27701, the international standard that extends ISO/IEC 27001 and ISO/IEC 27002 to address privacy protection and personal data management. ISO/IEC 27701 is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It offers guidance for organizations acting as Personally Identifiable Information (PII) Controllers and PII Processors, helping them establish, implement, maintain, and continually improve privacy management practices. This introductory course builds foundational awareness of privacy concepts, terminology, principles, and the structure of ISO/IEC 27701, and explains how PIMS integrates with an existing Information Security Management System (ISMS). It is ideal for professionals involved in data protection, privacy governance, information security, risk, and compliance. Course Objectives By the end of this course, participants will be able to: Understand the purpose and scope of ISO/IEC 27701 Explain key privacy and personal data protection concepts Understand the relationship between ISO/IEC 27701, ISO/IEC 27001, and ISO/IEC 27002 Recognize the roles of PII Controllers and PII Processors Understand the principles of a Privacy Information Management System (PIMS) Identify how ISO/IEC 27701 supports privacy governance and compliance
Course Curriculum
1
- Privacy concepts and definitions
- Personally Identifiable Information (PII)
- Privacy vs information security
- Importance of privacy management for organizations
2
- Purpose and scope of ISO/IEC 27701
- Intended users of the standard
- Benefits of implementing a PIMS
- Applicability to different organizational roles
3
- ISO/IEC 27701 as an extension to ISMS
- Integration with existing management systems
- Alignment of security and privacy controls
- Shared governance structures
4
- Lawfulness, fairness, and transparency
- Purpose limitation and data minimization
- Accuracy, storage limitation, and confidentiality
- Accountability and continual improvement
5
- Roles and responsibilities
- Accountability and governance expectations
- Relationship management between controllers and processors
- Contractual and operational considerations
6
- High-Level Structure (Annex SL alignment)
- Clauses extending ISO/IEC 27001 requirements
- Annex A and Annex B overview
- Control objectives and guidance
7
- Identifying privacy risks
- Relationship with information security risk management
- High-level treatment of privacy risks
- Supporting decision-making
8
- Privacy awareness and training
- Roles and responsibilities for privacy
- Building a privacy-conscious culture
- Supporting secure handling of personal data
9
- Supporting privacy governance frameworks
- Alignment with legal and regulatory obligations
- Role of audits and reviews
- Continual improvement of privacy practices
10
- Instructor-led classroom or virtual training
- Interactive discussions and examples
- Scenario-based illustrations
11
- Privacy and data protection professionals
- Information security and ISMS practitioners
- Governance, risk, and compliance (GRC) professionals
- Legal and compliance staff
- IT and business managers handling personal data
- Professionals new to ISO/IEC 27701
12
- No formal prerequisites
- Basic understanding of information security or privacy concepts is beneficial
13
- Knowledge checks and quizzes
- Participation in discussions
- Optional final assessment
This course includes
- 13+ Activity Modules
- 40 hours + lessons
- Lifetime access
- Certificate of completion
- Available on desktop and mobile
Some of Our Partners
