* Carlos Borella
ISO / IEC 27701: 2019 - What is its importance? And how can she assist you with customers and partners?
THE ISO / IEC 27701: 2019 is a privacy focused extension for information security management systems (SGSI based on ISO / IEC 27001) and is intended to specify requirements and provide guidance for establishment, implementation, maintenance and continuous improvement for information privacy management systems, or in English, PMIS (Privacy Information Management System).
The regulations (GDPR, UK DPA, LGDP, among others) require organizations to take steps to ensure the privacy of processed personal data, but broadly none of them guide the controls that should be implemented in a practical manner.
THE ISO 27001 lays down the requirements for a SGSI, through a risk-based approach that encompasses people, processes and technology. The organizations that implemented the ISO 27001 may use the ISO 27701 to extend their security efforts to cover the privacy management - including the processing of personal data / PII (personally identifiable information).
Organizations that do not have a SGSI can implement the ISO 27001 and ISO 27701 as a single implementation project.
Have an environment ISO 27001 Independent certification provides stakeholders (customers, partners, suppliers, and others) with assurance that data is being adequately protected. And the extension ISO 27701, enables controllers and data processors to demonstrate that reasonable steps have been taken to comply with data protection regulations and that international best practices when it comes to protecting personal data / PII are being applied.
In general, ISO 27701 can present organizations:
- Raising the maturity level of the organizationregarding privacy, as the organization following the guidelines of the ISO 27701 will be implementing data protection controls following an internationally known standard;
- Certification will allow the organization to demonstrate to its customers, suppliers, partners, among others, that maintains personal data security controls in its environment, and this has been audited and certified by an independent body.
Schedule a conversation with one of our experts and understand how we can support you on this journey.
* Carlos Borella is a SAFEWAY Partner
Regarding the [SAFEWAY]
SAFEWAY is an Information Security company, recognized by its customers for offering high value added solutions through Information Security projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.
Today through more than 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.
Let's make the world a safer place to live and do business!