ISO/IEC 27701: FOUNDATION
The ISO/IEC 27701: Foundation course provides participants with a comprehensive understanding of the requirements, structure, and practical application of a Privacy Information Management System (PIMS) based on ISO/IEC 27701. ISO/IEC 27701 is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard extends ISO/IEC 27001 and ISO/IEC 27002 by introducing privacy-specific requirements and controls for organizations acting as Personally Identifiable Information (PII) Controllers and/or PII Processors. This Foundation-level course moves beyond awareness and introduces participants to core ISO/IEC 27701 clauses, roles, privacy risk concepts, and control requirements, preparing them to support PIMS implementation, audits, and continual improvement, or to progress to advanced ISO/IEC 27701 certifications. Course Objectives By the end of this course, participants will be able to: Understand the purpose, scope, and benefits of ISO/IEC 27701 Interpret the structure and key requirements of a PIMS Understand roles of PII Controllers and PII Processors Identify privacy-specific controls and responsibilities Understand privacy risk assessment principles Support implementation and operation of a PIMS Prepare for the ISO/IEC 27701 Foundation certification examination
Course Curriculum
1
- Privacy and personal data protection concepts
- Personally Identifiable Information (PII)
- Relationship between privacy and information security
- Importance of PIMS
2
- Purpose and scope of ISO/IEC 27701
- Applicability to organizations and roles
- Benefits of implementing a PIMS
- Relationship with ISO/IEC 27001 and ISO/IEC 27002
3
- High-Level Structure (Annex SL alignment)
- Clauses extending ISO/IEC 27001 requirements
- Annex A (PII Controller controls)
- Annex B (PII Processor controls)
4
- PII Controller and PII Processor roles
- Accountability and leadership responsibilities
- Privacy governance structures
- Assignment of responsibilities
5
- Identifying privacy risks
- Assessing likelihood and impact
- Relationship with information security risk management
- Defining privacy risk treatment actions
6
- Lawful processing and consent management
- Data subject rights management
- Data retention and deletion
- Data sharing and disclosure controls
7
- Managing PII processors
- Contractual and assurance requirements
- Monitoring and oversight
- Cross-border data considerations (overview)
8
- Privacy awareness programs
- Training requirements
- Internal and external communication
- Promoting privacy-by-design culture
9
- Monitoring PIMS performance
- Internal audits (overview)
- Management review
- Continual improvement
10
- Certification process overview
- Audit expectations and evidence
- Common nonconformities
- Maintaining certification
11
- Review of ISO/IEC 27701 Foundation syllabus
- Sample questions and exam techniques
- Certification exam guidance
12
- Instructor-led classroom or virtual training
- Interactive discussions and privacy scenarios
- Case-based learning
13
- Privacy and data protection officers
- Information security and ISMS professionals
- Governance, risk, and compliance (GRC) professionals
- Legal and compliance staff
- IT and business managers handling personal data
- Professionals preparing for ISO/IEC 27701 Foundation certification
14
- Basic understanding of information security concepts
- ISO/IEC 27001 Foundation knowledge is beneficial but not mandatory
15
- Knowledge checks and quizzes
- Scenario-based discussions
- ISO/IEC 27701 Foundation certification examination
This course includes
- 15+ Activity Modules
- 40 hours + lessons
- Lifetime access
- Certificate of completion
- Available on desktop and mobile
Some of Our Partners
