» Call for expressions of interest – ISO 27701: 2019 Security Techniques

03 October, 2019

Call for expressions of interest

Accreditation for Certification to ISO 27701: 2019 Security Techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines

ISO 27701 was published in August 2019. It is an extension standard to ISO 27001 and 27002 for Privacy Information Management Systems (PIMS) and is applicable to all types and sizes of organisations which are Personally Identifiable Information (PII) controllers and/or PII processors processing PII within an Information Security Management System (ISMS).

UKAS is seeking feedback from certification bodies about the standard to determine the need for UKAS to develop accreditation services to support accredited certification to ISO 27701. The accreditation would be under ISO 17021-1 for the certification of a management system.

As the new standard relates to personally identifiable data, there is a mapping (in Annex D) to the EU GDPR (General Data Protection Regulation). Please note that accredited certification for the GDPR must be based on accreditation to ISO 17065 using a certification scheme approved by the Information Commissioners Office (see GDPR, Art 42 and 43). Accredited certification of a management system for ISO 27701 under ISO 17021-1 would not meet these criteria.

In responding to this call for expressions of interest, could you please provide the following information:

  1. Is your organisation already accredited to certify to ISO 27001?
  2. What level of interest has your organisation had for certification to ISO 27701?
  3. Why do your potential customers want to be certified to ISO 27701?
  4. How many certificates have you issued already?
  5. How many certificates do you expect to issue in the future?
  6. What sectors are your customers for ISO 27701 working in?
  7. What integration with other management system standards do you envisage?
  8. Would you be interested in attending an initial meeting on ISO 27701 to discuss the issues arising from this call for expressions of interest? A tentative date for this meeting has been set as 21 November 2019, at UKAS offices in Staines-upon-Thames. This may need to be rearranged depending on the level of interest.

Please send your responses to Emily Robinson (DevelopmentEnquiries@ukas.com) by 31 October 2019.