16 December 2020

Hartis telecare receives first Kiwa ISO/IEC 27701 certification

Kiwa today awarded the first certification for privacy information management to Hartis Telezorg. This new standard was developed by experts from Kiwa in close cooperation with NEN. Organisations that have made visibly good arrangements for the protection of privacy in the processing of personal data and meet the requirements of the ISO/IEC 27701 standard are eligible for the certification. Hartis Telezorg from Bussum was the first organisation to receive the certificate from Ronald Westerveen, manager of Kiwa's Cyber Security Expert Centre.

"The new standard contributes to taking the necessary measures to comply with the specific control measures for protection of privacy-sensitive information", says Westerveen. "Organisations such as Hartis Telezorg, which are certified on the basis of ISO 27701, show that they are at the forefront in this area. When it comes to this information ISO 27701 goes a big step further than the well-known international standard ISO 27001. Where this focuses on data security in general, NCS 27701 explicitly focuses on the way in which the security of privacy sensitive data is regulated. At a time when we hear about incidents involving personal data on a daily basis, a certification such as this one offers trust".

Gigi Rikmans, Director of Hartis, adds: "We process special personal data, including medical data, on a large scale. In order to provide our customers, but especially our patients, with the highest possible reliability in addition to the best possible cardiac rhythm diagnosis, in addition to our ISO 27001 and NEN 7510 certifications, we have also chosen to have our privacy processes audited to this latest international standard. We already had the AVG certificate from Kiwa, but an ISO standard provides even more transparency and clarity for all parties involved. This is in line with our continuous pursuit of the best and safest care for our patients".

Certification has a great deal of added value for any organisation that wants or has to demonstrate that it handles privacy-sensitive information in a responsible manner. "Certainly if this information can be traced back to individuals. It may also be necessary if certification by an independent body is desired, such as in a tender or tender process," says Westerveen. Kiwa points out that there is a lot of enthusiasm among organisations to be considered for the new certification.

ISO 27701 is an extension of the already known standards for information security ISO 27001 and ISO 27002 and offers organisations tools for setting up, implementing, maintaining and improving a Privacy Information Management System (PIMS).  

Photo: Ronald Westerveen, manager Kiwa Expert Center Cybersecurity and Gigi Rikmans, director of Hartis Telecare.