ISO in the Sun: PECB ISO/IEC 27701 Privacy Information Management System Lead Implementer

This five day course provides an overview to the structure of an Privacy Information Management System (PIMS) based on ISO/IEC 27701:2025, and how to implement the same in an organisation, e.g. for the purpose of certification.

Overview:

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Privacy Information Management System based on ISO/IEC 27701:2025.

Participants will also gain a thorough understanding of requirements and guidance of ISO/IEC 27701:2025 as well as their relationship ISO/IEC 27001:2022 et al and thus that between a PIMS and an ISMS.

Moreover, participants will gain a comprehensive understanding of best practices of privacy information management and learn how to manage and process data while complying with various data privacy regimes.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline:

Introduction to PIMS Concepts per ISO/IEC 27701:2025

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security and Privacy
• Privacy Information Management System (PIMS)

Planning the PIMS Implementation

• PIMS Scope and Privacy Policy
• Privacy Risk Assessment
• Privacy Impact Assessment
• PIMS Statement of Applicability
• Selection of Controls

Implementing the PIMS

• Implementation of a Document Management Framework
• Awareness, Training und Communication
• Documentation Management
• Implementation of Controls
• Implementation of Controls specific to Controllers of Personally Identifiable Information (PII)
• Implementation of Controls specific to PII Controllers

Performance Evaluation and Improving the PIMS

• Monitoring the PIMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives:

Completion of this course will enable students to

• Understand the principles of a PIMS conforming to ISO/IEC 27701:2025, including the relationship to and ISMS, ISO/IEC 27001:2022, ISO/IEC 27002:2022 etc and regulatory frameworks
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a PIMS
• Advise organisations on PIMS best practices
• Manage teams implementing ISO/IEC 27701:2025

Audience:

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing privacy and data management
• Data and privacy officers
• CxO and senior managers of a PIMS and ISMS scope
• Auditors requiring more PIMS implementation insight

Prerequisites:

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification:

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Exam and first year certification fees are included in the course fees.