ANAB recently accredited two ISO/IEC 17021-1 certification bodies to ISO/IEC 27701:2019, the world’s first international standard to help organizations manage privacy information and meet regulatory requirements.
The first certification bodies to attain ANAB accreditation to offer ISO/IEC 27701 certification are:
- A-LIGN Compliance and Security, Inc., dba A-LIGN, based in Tampa, FL, a security, privacy, and compliance provider specializing in mitigating cybersecurity risks by assessing organizations with multiple compliance standards.
- Coalfire ISO Inc., based in Atlanta, GA, a cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk.
Privacy Information Management Systems
The digital world makes us more connected than ever. But there are risks to personal privacy associated with being connected. ISO/IEC 27701 specifies requirements and guidelines for establishing, implementing, maintaining, and continually improving an organization’s privacy information management system. The continuous improvement component is especially important given that technology is constantly evolving.
ISO/IEC 27701 is an extension to two other standards:
- ISO/IEC 27001:2013, Information technology – Security techniques – Information security management systems – Requirements
- ISO/IEC 27002:2013, Information technology – Security techniques – Code of practice for information security controls
Response to a Universal Need
Protecting personally identifiable information (PII) is a universal need and a topic of international regulation and legislation. According to research sponsored by IBM, the average cost of a data breach is $3.6 million. Cybersecurity attacks on businesses have increased in recent years.
Governments around the world are introducing various privacy regulations. One of the most familiar is the European Union's General Data Protection Regulation (GDPR), with which any organization that processes the personal data of people in the EU must comply. ISO/IEC 27701 will help businesses meet such requirements.
ISO/IEC 27701 certification allows organizations to demonstrate their adherence to privacy requirements and controls. Because ISO/IEC 27701 extends ISO/IEC 27001 rather than standing alone, certification is issued against an organization's existing or concurrently audited ISO/IEC 27001 information security management system. Integrating privacy into that certified system streamlines the organization's ISO/IEC 27001 obligations and supports its GDPR compliance efforts, although certification by itself does not constitute GDPR compliance.
This groundbreaking standard for privacy is suitable for organizations of all sizes, in all industries, and in any location. ISO/IEC 27701 allows organizations to effectively protect and manage the personal data they handle.