Personal data protection with ISO/IEC 27701
What is ISO/IEC 27701?
ISO/IEC 27701 buillds on ISO/IEC 27001. It is a compliance standard for GDPR (General Data Protection Regulation) and specifies the requirements for, and provides guidance for establishing, implementing, maintaining and continuously improving an information management system for privacy (PIMS) based on the requirements of the information security standard. It is extended with privacy-specific requirements and controls.
What types of organizations should consider ISO/IEC 27701?
ISO/IEC 27701 is for organizations that process personal data, in addition to personally identifiable information (PII), which is information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual.
Is ISO/IEC 27701 accreditation offered in addition to ISO/IEC 27001?
Nemko offers non-accredited certification in accordance with ISO/IEC 27701 solely in combination with or after accredited certification in accordance with ISO/IEC 27001.
- Nemko has a lean organization with an effective decision-making process and quick turnaround
- Auditors have valuable experience and inspire a culture of constant improvement
- They value communication with customers
- Observations and comments are clearly expressed to ensure measurable improvement
- The approach is practical and down-to-earth
- The auditor is responsible for the customer during the entire audit process and audit cycle
The certification process consists of two phases:
- Phase 1consists of an audit of the business in order to review the status of the organization, system documentation, infrastructure, etc. This assesses the maturity of the system.
- Phase 2is the certification audit, aiming to verify that the system documentation meets the requirements of the standard. The certification audit will give feedback to the organization on issues that are not in conformance with the standard and that need to be corrected before a certificate can be issued.