ISMS-PIMS Certification

What is ISMS-PIMS Certification?

ISMS-PIMS Certification certifies an organization's conformance to the requirements of a Privacy Information Management System based on ISO/IEC 27701, on the prior condition that the organization already conforms to ISMS (ISO/IEC 27001:2013).
Organizations need to have achieved ISMS Certification prior to their extension to ISMS-PIMS Certification.
When an organization is not certified against ISO/IEC 27001 yet, it can apply for certification of both ISMS and ISMS-PIMS at the same time.

The criteria for ISMS-PIMS Certification

The criteria for ISMS-PIMS certification are:

ISO/IEC 27701:2019 Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines

The standard specifies additional requirements and guidelines for a privacy information management system, extending ISO/IEC 27001*1 and ISO/IEC 27002*2 respectively.
*1 ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
*2 ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls

Extension to ISO/IEC 27001 and ISO/IEC 27002

The roles in the organization (as PII controller and/or PII processor)

The roles in organizations are specified as follows in ISMS-PIMS certification:

PII controller:
privacy stakeholder (or privacy stakeholders) that determines the purposes and means for processing personally identifiable information (PII) other than natural persons who use data for personal purposes

PII processor:
privacy stakeholder that processes personally identifiable information (PII) on behalf of and in accordance with the instructions of a PII controller

(Source: ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework, 2.10, 2.12)

When organizations seek ISMS-PIMS Certification, they need to specify their own role or roles: PII controller and/or PII processor.
ISMS-PIMS Certification certifies that an organization has appropriately implemented a Privacy Information Management System based on ISO/IEC 27701 in addition to holding ISMS Certification (ISO/IEC 27001).

ISMS-PIMS Accredited Certification Bodies and Certified Organizations