ISO 27701 Certification: Privacy Management
Comprehensive privacy management system for more security
Since the introduction of the GDPR (General Data Protection Regulation), the topic of data protection has become increasingly important for many companies.
Under the circumstances, it makes good sense to introduce an appropriate data protection management system. ISO 27701 offers extended protection for companies’ IT security based on an existing ISO 27001 certification.
About ISO 27701 certification
ISO 27701 supplements ISO 27001, outlining further requirements for enhanced information security. Certification is achieved in accordance with ISO 27001 and extended to fulfill ISO 27701 stipulations. In both cases, management systems and requirements take center stage. ISO 27701 also contains supplements to ISO 27002, the implementation guidelines for the measures in Appendix A of ISO 27001.
Features of ISO 27701 include:
- Data protection measures
- Appointment of a person responsible for the privacy information management system (PIMS)
- Data protection training for employees
- Access and modification log
- Encryption of special categories of personal data (e.g. health data)
- Consideration of the "Privacy by Design" principle
- Review of security incidents for data breaches
It is important to note that certificates in accordance with ISO 27001 and ISO 27002 do not meet the requirements of the GDPR. However, ISO 27701 forms the basis for a later GDPR audit and includes rules for data protection in the processing of personal data as well as data protection management i.e. contextual analysis, risk assessment and review of the company's control environment.
Privacy information management system in 6 steps
- Information discussion
Meeting to determine the scope of the system and application - Readiness assessment
Readiness analysis with evaluation and review of the management system description - Certification audit
On-site review to evaluate the implementation and effectiveness of the information security management system (ISMS) and the privacy information management system (PIMS) - Certificate
After successful completion, companies receive a certificate and the DEKRA test seal. - First and second surveillance audit
A surveillance audit is carried out annually to ensure continued practical implementation. - Recertification
Recertification before expiration of the three-year validity period.
Gain from our expertise
- We offer a global network of experts accessible at any time
- We have many years of experience and comprehensive know-how
- Together we develop effective solutions, specially adapted to your needs
- As an independent third party we offer objective, reliable services
- We provide combined certifications that save time and money
DEKRA offers remote audit solutions that increase flexibility, while decreasing setup time and travel costs. Remote audits include the same processes as on-site audits, but use secure technology to conduct interviews and tours, review documents, and inspect systems remotely. An audit may be fully remote or utilize a blended approach, depending on your needs and capabilities. Our remote audits meet ISO 19011:2018 and IAF MD 4:2018 standards for security and are accepted by ANAB.