What is ISMS-PIMS Certification?
ISMS-PIMS Certification certifies that an organization conforms to the requirements for a Privacy Information Management System (PIMS) based on ISO/IEC 27701, on the precondition that the organization already conforms to ISMS requirements (ISO/IEC 27001:2013).
Organizations need to have achieved ISMS Certification before extending it to ISMS-PIMS Certification.
An organization that is not yet certified against ISO/IEC 27001 can apply for ISMS Certification and ISMS-PIMS Certification at the same time.
The criteria for ISMS-PIMS Certification
The criteria for ISMS-PIMS certification are:
The standard (ISO/IEC 27701) is prepared as an extension to ISO/IEC 27001*1 and ISO/IEC 27002*2, adding requirements and guidelines respectively for a privacy information management system.
*1 ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
*2 ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls
The roles in the organization (as PII controller and/or PII processor)
In ISMS-PIMS certification, the roles of organizations are specified as follows:
(Source: ISO/IEC 29100:2011 Information technology - Security techniques - Privacy framework, 2.10, 2.12)
To achieve ISMS-PIMS Certification, organizations need to specify their own role(s) as PII controller and/or PII processor.
ISMS-PIMS Certification certifies that an organization has appropriately implemented a Privacy Information Management System based on ISO/IEC 27701 in addition to holding ISMS Certification (ISO/IEC 27001).