3 June 2020

Kiwa enables organizations to certify their privacy management system with ISO / IEC 27701

With the new ISO / IEC 27701 certificate from Kiwa, organizations can demonstrate that they have properly regulated the protection of privacy in the processing of data. This way they can show that they handle privacy-sensitive information in a careful manner.

The new ISO / IEC 27701 standard focuses on controlling all relevant privacy aspects in a management system. The standard contributes to the necessary measures for compliance with the General Data Protection Regulation (GDPR). Organizations that are ISO / IEC 27701 certified demonstrate that they play a pioneering role in this area.

ISO 27001 - ISO / IEC 27701

ISO / IEC 27701 is an extension of the existing information security standards ISO 27001 and ISO 27002. It gives organizations guidance for setting up, implementing, maintaining and improving a Privacy Information Management System (PIMS).

In recent months, Kiwa has joined a working group for the development of the certification scheme for ISO / IEC 27701. The scheme applies to a variety of organizations of all sizes, including public and private companies, government agencies and non-profit organizations that are PII (personally identifiable information) controllers and / or PII processors and process PII within an ISMS.

Protection of privacy-sensitive information

The ISO / IEC 27701 standard contains specific control measures for the protection of privacy-sensitive information. Organizations that already work with an Information Security Management System can upgrade this to a Privacy Information Management System (PIMS) based on ISO 27701.

An organization that already works according to the ISO 27001 standard can extend this with ISO 27701 by drawing up and implementing various guidelines and procedures. This is a continuous cycle, in which changes that have an impact on the PIMS are correctly processed, implemented and monitored on an ongoing basis. This keeps the PIMS up-to-date, which is important for continuing to meet the requirements for certification.

Added value for any organization

“Certification based on ISO / IEC 27701 is of added value to any organization that wants or must demonstrate that it handles privacy-sensitive information in a responsible manner. Especially if this information can be traced back to an individual. Certification may also be required in case of a tender or quotation process”, says Ronald Westerveen, manager of the Expert Center for Cyber Security at Kiwa. “We support organizations in this and provide training in which the standard is explained in detail. During a GAP analysis, we can also identify the steps that organizations must take to be certified.”

Register for a pilot audit

For the validation of the certification scheme, Kiwa is looking for organizations that want to participate in pilot audits for ISO / IEC 27701 certification in the coming months. When completed successfully, you can count yourself among the first certificate holders of this new standard. Are you interested in participating? Please contact Ronald Westerveen from Kiwa via the contact form on this page. You can register until June 26.