DATE:
AUTHOR: The folks at Scrut
New Feature

New framework: ISO/IEC 27701:2025 now available in Scrut

What's new?

Scrut now supports ISO/IEC 27701:2025 in the Frameworks module. The 2025 version is the definitive update for organizations looking to integrate privacy controls into their existing ISO 27001 management system. It provides a structured framework for both PII Controllers and PII Processors, ensuring that personal data is handled securely and in compliance with global privacy expectations (including GDPR, CCPA, and more).

Why was this needed?

ISO 27701:2025 enables your organization to move beyond "security-by-chance" to "privacy-by-design." It provides a verifiable way to demonstrate to partners, regulators, and customers that you treat personal data with technical rigor and legal compliance. This framework encompasses:

  • Data Sovereignty: Focuses on where data is stored and how it is processed.

  • Transparency: Ensures customers are informed about how their PII (Personally Identifiable Information) is used and who has access to it.

  • Accountability: Provides clear guidelines for data breach notification and for handling government requests for data.

  • Privacy-First Culture: Integrates privacy requirements directly into your existing security operations.

  • Regulatory Alignment: Simplifies the process of proving compliance with complex, overlapping global privacy regulations.

  • Trust and Reputation: Provides an internationally recognized seal of approval that you treat personal data with the care it requires.

How it works

  • Access the ISO/IEC 27701:2025 framework from the Frameworks module in Scrut.

  • Link your existing ISO 27001 controls to the additional PIMS-specific privacy requirements using integrated controls mapping.

  • Review the comprehensive breakdown of technical and procedural requirements, with evidence and policy suggestions to guide your validation strategy.

  • Connect requirements to your internal policies, risk management processes, and technical documentation in one centralized location.

  • Use the default Statement of Applicability (SOA) for ISO 27018, with pre-suggested in-scope controls and pre-filled out-of-scope justifications, to reduce manual setup.

  • Generate detailed readiness reports to share compliance status with internal and external stakeholders.

Need help?

Your Customer Success Manager (CSM) is always ready to help if you need assistance.