ISO 27701 is an international standard that outlines specific requirements to help organizations ensure the confidentiality, integrity, and availability of Personally Identifiable Information (PII) in accordance with a wide range of data protection and privacy laws, including HIPAA and the CCPA. This standard expands on the existing ISO 27001.
While ISO 27001 provides a comprehensive framework for information security, it doesn’t explicitly address the protection of PII. ISO 27701 fills this gap by providing additional guidance on securing PII in compliance with international privacy regulations.
As a board of directors, it’s your responsibility to safeguard the sensitive information of your stakeholders, which includes:
- Social Security numbers
- Credit card information
- Personal health information
A customer data breach or other security incident involving PII can result in significant financial and reputational damage to your organization. Therefore, implementing effective risk management strategies is crucial for minimizing the likelihood of such an incident occurring.
Before implementing new software that will store PII, boards should verify that the software is ISO 27701 certified. At OnBoard, we believe boards should make informed decisions on complicated company matters with ease. That’s why we provide an ISO 27701-compliant online platform that not only ensures your board meetings run smoothly and effectively, but also makes it easy for boards to fulfill their compliance obligations.