GDPR (AVG) audit, PIMS, privacy management, ISO 27701, ISO certification

ISO 27701

ISO 27701 is a standard for privacy management. Privacy protection has become increasingly important since the introduction of the GDPR, but managing it effectively requires more than the law itself: an organisation also needs insight into its own compliance status. ISO 27701 addresses this by defining a certifiable PIMS, or Privacy Information Management System.

About ISO 27701 certification

ISO 27701 extends the international information security standard ISO 27001. This has a practical advantage: both standards share the same structure and the same set of controls, so an organisation does not have to run two separate management systems. ISO 27001 forms the foundation for information security, and ISO 27701 builds on it by adding privacy-specific requirements and controls, with separate sets of controls for organisations acting as controllers and for organisations acting as processors of personal data.

The privacy standard also requires several things that the GDPR defines as obligations. For example, you must maintain a register of processing activities and ensure that processing agreements with processors are in place. You are also required to establish a formal privacy policy and to include privacy as an explicit topic in internal audits. ISO 27701 certification therefore contributes to GDPR compliance, although it does not by itself demonstrate that every GDPR obligation is met.


Contact us

Do you have questions about this audit, or have your customers requested an assurance statement? Or would you like to discuss how to improve control over your own processes? We would be happy to discuss the possibilities with you.


Advantages of ISO 27701 certification for your organisation

Just as ISO 27001 certification helps companies get a handle on information security, ISO 27701 certification provides guidance for the careful handling of privacy-sensitive information. The standard places a clear focus on determining what privacy means for the organisation and how this translates into processes and procedures.

A PIMS therefore provides standardisation and oversight, reducing the risk of deviations and errors. This in turn lowers the likelihood of data breaches that result from unclear or inconsistently applied processes.

A second advantage is commercial: with a certified privacy management system, you demonstrate to current and potential customers that you take the protection of personal data seriously. At a time when privacy incidents are frequently in the news, this is a powerful signal.

What can you expect from ISO 27701 certification?

Because ISO 27701 is an extension of ISO 27001, it cannot be certified on its own: it is assessed either in a combined audit together with ISO 27001 or as an extension of an existing ISO 27001 certification. For an organisation without ISO 27001 certification, this means a combined audit is required.

During the audit, the auditor first examines the design of the PIMS: whether the privacy policy and the associated processes and procedures are appropriate for the organisation. To judge this, the auditor looks at what personal data is processed, what types of processing take place, and what measures have been taken to protect privacy.

The second check concerns operation: the auditor assesses whether the organisation actually follows the processes it has defined to safeguard the personal data of data subjects.

Lastly, the auditor checks whether all required documentation and records are in order, such as the register of processing activities and the processing agreements.

Your auditor is therefore an important part of your privacy management: this external perspective confirms which matters are well organised and gives a clear overview of the areas that still need improvement.
