
ISO/IEC 27701:2019 Privacy Information Management System Expert Training

Description

Organizations globally are caught in a trap between "managing their compliance problem" and "solving their compliance problem".

Privacy regulations are now essential, and data subject rights and awareness are rising globally. Every organization must be audit-ready for this new-age test with regard to a sustainable privacy program.


A well thought-out privacy program simplifies privacy management by providing an inclusive framework which allows for proactive administration at an organization level.


Why should you take this training?

This training program will help you increase your knowledge of the requirements and guidance contained within the ISO/IEC 27701 standard from an implementation perspective, covering both the personally identifiable information (PII) controller and the PII processor roles.

This program will help you extend your ISO/IEC 27001 ISMS to include specific requirements and guidance for protecting personally identifiable information (PII) and to implement a formal and structured PIMS.


The purpose of this training is:

  • To provide the candidates with a complete understanding of the ISO/IEC 27701:2019 standard and its implementation structure;
  • To provide the candidates with comprehensive implementation knowledge of the PIMS-specific guidance related to the ISO/IEC 27002 standard;
  • To provide the candidates with the complete set of activities required both as a PII controller and as a PII processor with regard to the ISO/IEC 27002 standard;
  • To provide the candidates with a complete activity list for the PII controller and the PII processor;
  • To provide the candidates with practical insights on international data transfers.


Who should attend this training?

This program is ideally suited to those in a variety of job roles including:

  1. Data Privacy professionals
  2. Information Security and IT professionals
  3. Information System and Security Auditors
  4. Compliance Officers, Legal Counsels
  5. Designated Data Protection Officers
  6. Senior Management / Leadership roles


What will you learn in this training?

This training program prepares candidates to first conduct a gap analysis of their organization's current compliance with the requirements of ISO/IEC 27701, and subsequently to implement the key requirements and guidance of ISO/IEC 27701.

Through this program, you'll be able to establish an understanding of the issues organizations face when maintaining and improving processes in a PIMS framework.


Course duration: 4 days of learning (each day is about 8 hours).


Bloom Level: BL3, BL4, BL5 and BL6


Course agenda: 

Day 1:

Introduction

  • Principles of information security and privacy
  • Application of ISO/IEC 27001 requirements
  • Application of ISO/IEC 27001 guidelines


Gap Assessment

  • Conducting gap assessment of the organization with regards to ISO/IEC 27701 criteria
  • Recording the outcomes of gap assessment
  • Reporting to Management


PIMS-specific requirements to ISO/IEC 27001

  • Understanding the organization and its context
  • The needs and expectations of interested parties
  • The scope of the ISMS
  • Leadership role and its commitment
  • PIMS Statement of Applicability
  • Action to address risks and opportunities
  • Required resources, competence and awareness
  • Information security risk assessment and treatment


Day 2:

PIMS-specific guidance to ISO/IEC 27002

  • Information security policy
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and Environmental security
  • Operations security
  • Communications security
  • Information security incident management
  • Information security aspects of business continuity
  • Compliance


Day 3:

ISO/IEC 27001 guidance for PII controllers

  • Conditions for collection and processing
  • Identifying and documenting the purpose
  • Identifying Lawful basis
  • Obtaining and recording consent
  • Conducting privacy impact assessment
  • Determining and fulfilling the obligations to PII principals
  • Mechanism to modify or withdraw consent
  • Mechanism to object to PII processing
  • Access, correction and erasure
  • Informing third parties as a PII controller
  • Automated decision making
  • Privacy by design and privacy by default
  • PII sharing, transfer and disclosure


Continuous improvement of a PIMS based on ISO/IEC 27701


Preparing for a PIMS certification audit


Day 4:

ISO/IEC 27001 guidance for PII processors

  • Conditions for collection and processing
  • Customer agreement
  • Infringing instruction
  • Customer obligation
  • Records related to processing PII
  • Obligations to PII principals
  • Privacy by design and privacy by default
  • PII transmission controls
  • Return, transfer or disposal of PII
  • Basis for PII transfer between jurisdictions
  • Countries and international transfers
  • Records of PII disclosure to third parties
  • Notification of PII disclosure requests
  • Legally binding PII disclosures


Performance evaluation, monitoring and measurement of a PIMS based on ISO/IEC 27701


Mapping to

  • ISO/IEC 27018 and ISO/IEC 29151
  • ISO/IEC 29100
  • GDPR


Applying ISO/IEC 27701 to ISO/IEC 27002


How will you learn?

This training program is delivered in a classroom or online setting using case studies and class exercises that are designed to enhance the participants' interpretation of the ISO/IEC 27701:2019 standard.


Candidates who complete this training program are suitably prepared to take the 1WCERT ISO/IEC 27701:2019 PIMS Expert certification exam.


Supporting material for this training:

Candidates will receive an electronic copy (PDF) of the training program slide deck along with classroom notes, a case study and sample exam preparation questions.

An integral part of the training material is free 90-day access to our online LMS (Learning Management System).


What are the prerequisites for this training?

For this course, the candidate should have completed the ISO/IEC 27701 Foundation training and passed its exam.

A basic working knowledge of the ISO 27001 Information Security Management System is strongly recommended, although it is not mandatory.


Certification:

On passing the 1WCERT exam, you become ISO/IEC 27701 PIMS Expert certified.