ISO27701:2019 vs NIST Privacy Frameworks

Both frameworks have much in common: both are voluntary, both are designed to be mapped to most privacy regulations, and neither is prescriptive about the specific technologies to use. They differ, however, in approach.

  1. The NIST Privacy Framework builds on NIST's own CSF (Cybersecurity Framework), while ISO 27701 builds on the ISO 27001 ISMS standard.
  2. The NIST Privacy Framework is composed of three parts: Core, Profiles, and Implementation Tiers (the same structure as the CSF), while the ISO framework uses clauses and control-mapping annexes.