Comprehensive privacy management system for more security
Since the introduction of the GDPR (General Data Protection Regulation), the topic of data protection has become increasingly important for many companies.
Under the circumstances, it makes good sense to introduce an appropriate data protection management system. ISO 27701 offers extended protection for companies’ IT security based on an existing ISO 27001 certification.
The benefits you get from the ISO 27701 certification
Heightened trust among customers and business partners
Increased transparency in data management
Compliance with data protection regulations
Less risk of data breaches
About ISO 27701 certification
ISO 27701 supplements ISO 27001, outlining further requirements for enhanced information security. Certification is achieved in accordance with ISO 27001 and extended to fulfill ISO 27701 stipulations. In both cases, management systems and requirements take center stage. ISO 27701 also contains supplements to ISO 27002, the implementation guidelines for the measures in Appendix A of ISO 27001.
Features of ISO 27701 include:
Data protection measures
Appointment of a person responsible for the privacy information management system (PIMS)
Data protection training for employees
Access and modification log
Encryption of special categories of personal data (e.g. health data)
Consideration of the "Privacy by Design" principle
Review of security incidents for data breaches
It is important to note that certificates in accordance with ISO 27001 and ISO 27002 do not meet the requirements of the GDPR. However, ISO 27701 forms the basis for a later GDPR audit and includes rules for data protection in the processing of personal data as well as for data protection management, i.e. contextual analysis, risk assessment and review of the company's control environment.
Privacy information management system in 6 steps
Information discussion: Meeting to determine the scope of the system and application
Readiness assessment: Readiness analysis with evaluation and review of the management system description
Certification audit: On-site review to evaluate the implementation and effectiveness of the information security management system (ISMS) and the privacy information management system (PIMS)
Certificate: After successful completion, companies receive a certificate and the DEKRA test seal.
First and second surveillance audit: A surveillance audit is carried out annually to ensure continued practical implementation.
Recertification: Recertification before expiration of the three-year validity period.
Gain from our expertise
We offer a global network of experts accessible at any time
We have many years of experience and comprehensive know-how
Together we develop effective solutions, specially adapted to your needs
As an independent third party we offer objective, reliable services
We provide combined certifications that save time and money
Did you know DEKRA can perform remote audits?
DEKRA offers remote audit solutions that increase flexibility, while decreasing setup time and travel costs. Remote audits include the same processes as on-site audits, but use secure technology to conduct interviews and tours, review documents, and inspect systems remotely. An audit may be fully remote or utilize a blended approach, depending on your needs and capabilities. Our remote audits meet ISO 19011:2018 and IAF MD 4:2018 standards for security and are accepted by ANAB.