ISO/IEC 27701:2019 is designed to help organizations better understand, manage and reduce their risks around personal information. ISO/IEC 27701:2019 is designed to specify requirements and provide guidance for establishing, implementing, maintaining and continually improving a PIMS in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of your organization.

Once an organization has implemented ISO/IEC 27701:2019, it is imperative that it measures the effectiveness of its implementation efforts to better understand what is working well and where things might be improved. The framework has been designed with flexibility in mind, which will enable organizations to respond to the results of their measuring efforts by making adjustments to their implementation.

By attending this one-day course, you’ll understand why measurement and analysis of the framework implementation is so important and what areas internal audit should focus on to ensure its effectiveness.

This course will provide you with sufficient information on auditing your ISO/IEC 27701:2019 implementation to enable you and your organization to understand, detect, correct and monitor the effectiveness of the framework. You will be provided with a series of practical exercises and class discussions, which will develop your internal audit ability.

Course Aim

To ensure that delegates are able to effectively audit the policies, processes and procedures that their organizations have implemented in order to meet the requirements of ISO/IEC 27701:2019, and as defined in their organization’s privacy information management system (PIMS).

How will I benefit?

The benefits of attending this BSI training course include:

• Gaining a greater understanding of some of the key operational requirements of ISO 27701 (Clause 5) and how to go about assessing them
• Practicing your internal auditing skills by conducting four detailed process audits
• Understanding what areas of the standard should be audited, and techniques and approaches to consider
• Establishing an understanding of the issues organizations face when maintaining and auditing framework processes
• Interpreting some of the more subjective requirements of the standard

What will I learn?

You will be able to:

• Recognize the key operational requirements of ISO/IEC 27701:2019 and how to go about assessing them
• Identify what and who should be audited and why
• Recall where to look for evidence when conducting audits
• Determine how to take a pragmatic business-focused approach to auditing your organization against requirements which can be open to interpretation

You will have the skills to:

• Conduct audits in all aspects of PIMS processes
• Conduct audits in all aspects of privacy control selection, implementation and effectiveness

Who should attend?

Anyone who wants to learn:

• How to audit and assess the effectiveness of an organization’s PIMS designed to conform to ISO/IEC 27701:2019
• Practical techniques and methods which can be adopted in order to effectively internally audit and maintain a PIMS

The course is applicable to representatives from any size or type of organization who are currently involved in planning, implementing and maintaining a PIMS to the ISO/IEC 27701:2019 standard.

Duration

One day

How will I learn?

Our unique accelerated learning approach fast tracks learning by improving your knowledge retention and skill application. This course involves practical activities, group discussions and classroom learning to help you develop a deeper understanding of the material and have a greater impact on job performance.

What will I gain?

On completion, you'll be awarded an internationally recognized BSI Training Academy certificate.

Prerequisites

The course is aimed at anyone already involved and qualified in auditing management systems such as ISO/IEC 27001 and ISO 9001 and is interested in gaining experience and knowledge in conducting ISO/IEC 27701:2019 process audits.

Apart from having an understanding of the key principles of auditing, you should already have a good knowledge of ISO/IEC 27701 and the key principles of a privacy* information management system (PIMS), equivalent to having attended our ISO/IEC 27701 Requirements course.

*While ISO/IEC 27701 addresses personally identifiable information (PII) and a predecessor standard, BS 10012, used the term ‘personal information management system’, the immediate predecessor standard, ISO/IC 27552, introduced ‘privacy information management system’.

Related training

You may also be interested in our ISO/IEC 27701:2019 Implementation Course.