ISO 27701 Certification

Comprehensive privacy management system for more security

Since the introduction of the GDPR (General Data Protection Regulation), the topic of data protection has become increasingly important for many companies.

Under the circumstances, it makes good sense to introduce an appropriate data protection management system. ISO 27701 offers extended protection for companies’ IT security based on an existing ISO 27001 certification.

The benefits you get from the ISO 27701 certification

  • Heightened trust among customers and business partners

  • Increased transparency in data management

  • Compliance with data protection regulations

  • Less risk of data breaches

ISO 27701 Certification

About ISO 27701 certification

ISO 27701 supplements ISO 27001, outlining further requirements for enhanced information security. Certification is achieved in accordance with ISO 27001 and extended to fulfill ISO 27701 stipulations. In both cases, management systems and requirements take center stage. ISO 27701 also contains supplements to ISO 27002, the implementation guidelines for the measures in Appendix A of ISO 27001.

Features of ISO 27701 include:

  • Data protection measures
  • Appointment of a person responsible for the privacy information management system (PIMS)
  • Data protection training for employees
  • Access and modification log
  • Encryption of special categories of personal data (e.g. health data)
  • Consideration of the "Privacy by Design" principle
  • Review of security incidents for data breaches

It is important to note that certificates in accordance with ISO 27001 and ISO 27002 do not meet the requirements of the GDPR. However, ISO 27701 forms the basis for a later GDPR audit and includes rules for data protection in the processing of personal data as well as data protection management i.e. contextual analysis, risk assessment and review of the company's control environment.

Privacy information management system in 6 steps

  1. Information discussion
    Meeting to determine the scope of the system and application
  2. Readiness assessment
    Readiness analysis with evaluation and review of the management system description
  3. Certification audit
    On-site review to evaluate the implementation and effectiveness of the information security management system (ISMS) and the privacy information management system (PIMS)
  4. Certificate
    After successful completion, companies receive a certificate and the DEKRA test seal.
  5. First and second surveillance audit
    A surveillance audit is carried out annually to ensure continued practical implementation.
  6. Recertification
    Recertification before expiration of the three-year validity period.

ISO 27701 certification
Increased protection in your organization, thanks to ISO 27701.

Gain from our expertise

  • We offer a global network of experts accessible at any time
  • We have many years of experience and comprehensive know-how
  • Together we develop effective solutions, specially adapted to your needs
  • As an independent third party we offer objective, reliable services
  • We provide combined certifications that save time and money

Download

Share page
Contact