ISO 27701

Certified Privacy Information Management Systems (PIMS) for GDPR-compliant data protection

The ISO 27701 standard serves as proof of compliance with data protection regulations and is an extension of the generally recognised ISO 27001. The benefits of certification in the area of data protection for companies and organisations include control, management and positioning, as the risk-based approach helps to identify areas of liability and problems at an early stage and avoid them in a targeted manner. The standard is internationally valid and ensures that legal requirements are met.

CIS is one of the first internationally accredited providers to offer the certificate for data protection management in accordance with ISO 27701 – as an extension to ISO 27001 – which is regarded as objective and recognised proof of GDPR-oriented data protection in your company. The certificate creates trust both internally and externally and thus creates a clear positioning on the market.

What is ISO/IEC 27701?

In short: ISO/IEC 27701 is a standard for the protection and correct handling of personal data.

With ISO 27701 certification, companies and organisations can prove that they comply with data protection regulations. It is considered an extension of ISO 27001. It supplements the standard for information security management systems (ISMS) with a number of key data protection aspects.

The certificate creates trust and offers protection – both internally and externally – and sends a clear signal to the market.

GDPR legal certainty

How can GDPR legal certainty be realised by means of ISO 27701 certification?

Certification is not explicitly required by the GDPR. What counts here is valid proof of how carefully the company handles data protection requirements. With this in mind, ISO 27701 certification provides a high degree of legal certainty. The structured documentation and technical logs make it possible to provide the necessary proof of due diligence. This is ultimately decisive for fines and liability issues.

Utilising synergies with the integrated approach

Integrated approach based on ISO 27001 and ISO 27701

The official title of the standard already reveals the basic content: “ISO/IEC 27701:2019-08 – Information technology – Security procedures – Extension to ISO/IEC 27001 and ISO/IEC 27002 for data protection management – Requirements and guidance”.

It is not only the title that shows the thematic affiliation within the ISO 27000 family of standards and how closely information security and data protection are linked: both standards and the joint management system are based on the principles of confidentiality, integrity and availability of data and information. Joint implementation is therefore not only particularly efficient, but also recommended.

Your advantages with ISO 27701

  • Objective proof with official certificate
  • Increased legal certainty and transparency
  • Ensuring solid data protection mechanisms
  • Increasing data protection expertise
  • Risk minimisation in the event of data protection violations and their consequences
  • Building trust with existing and potential customers

For whom does ISO 27701 certification make sense?

ISO 27701 certification can be used as evidence in proceedings with the data protection authority in the event of a data protection incident or problem. Certification proves that data protection measures have been implemented and tested. In today’s working world, a comprehensive approach to data protection is not only advisable for all companies, but can also minimise any penalties in the event of an incident.

Organisations that have already implemented a management system and wish to expand it to include data protection are best placed to obtain certification. Integration into an existing information security management system and/or a data protection management system is efficient and easy due to the overlap in content.

Why is data protection important now?

Increasing digitalisation means that more and more sensitive data is available and therefore also exposed to potential cyberattacks. Since the GDPR came into force, additional and stricter requirements apply in the event of a data protection incident, such as reporting within 72 hours. Neglect or late reporting can result in high penalties and fines.

What is the difference between ISO 27701 and ISO 27001?

ISO 27701 certification for data protection management is considered an add-on to the internationally recognised ISO 27001 standard for information security. Both belong to the same family of standards and follow the high-level structure (they have a consistent structure and can be integrated).

Building on an existing ISO 27001 certification, some additional standard points and a set of controls (measures and specifications) for data controllers and processors must be implemented.

How long does ISO 27701 certification take?

The time required is only 30-40% longer than for ISO 27001 certification alone. The ISO 27701 certificate is tied to the validity of the ISO 27001 certificate; it is valid for 3 years and is checked annually for compliance. Information on the project phases and the certification process can be found here.
