The exponential growth of the collection of personal information and the increase in data processing has led to concerns about privacy. Keeping data safe is becoming a growing challenge, so organizations are required to implement appropriate controls to ensure that personal data is protected.
Therefore, ISO (International Organization for Standardization) has developed the first international standard that supports organizations so that they can safely manage confidential information and can comply with legal requirements: ISO/IEC 27701.
About ISO/IEC 27701
ISO/IEC 27701:2021 – "Security Techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for the management of privacy information. Requirements and Guidelines"
The standard is an extension of ISO 27001 on data privacy and provides guidance for organizations that want to implement systems that support GDPR compliance and other data privacy requirements, allowing organizations to evaluate, treat and reduce the risks associated with the collection, maintenance and processing of personal information.
The standard defines the requirements for an information security management system adapted to protect personal data, called the Privacy Information Management System, or PIMS for short.
Certification of a privacy information management system will:
- assure stakeholders that your organization takes data privacy seriously
- allow you to take your information security management system to the next level
- be applicable to any organization that controls or processes personal data and has an ISO 27001 system
- allow organizations of all sizes and from all sectors of activity to adopt a comprehensive, risk-based approach to data protection.
Advantages of certification
- provide trust and ensure a competitive advantage by protecting consumers' personal information;
- demonstrate and support your efforts to comply with various privacy laws and regulations;
- identify and reduce risks by implementing rigorous confidentiality controls;
- prove continuous improvement of the privacy information management system.
Who should implement ISO/IEC 27701?
ISO/IEC 27701 has been designed to be used by all data controllers and data processors. Like ISO 27001, it supports a risk-based approach, so that each organization addresses the specific risks it faces, as well as the risks to personal data and to the integrity and confidentiality of that data.
Do you want to know the costs of certification?
Please fill in the online INQUIRY and you will receive our answer in the shortest time possible, or contact the Sales Department: sales@srac.ro