ISO 27701:2019 is the international standard for privacy information security management systems.

This standard, officially states the requirements for a management system designed to secure the private information under the organizationp.

Expected Outcomes for Accredited Certification to ISO 27701

Ronet is accredited by an American accreditation body ANAB for ISO 27701:2019.

(From the perspective of the organization’s customers) the expected outcomes  from an accredited certification “For the defined certification scope, an organization with a certified information security management system consistently provides products that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction.”

Notes:

  1. “Products” also include “services.”
  2. Customer requirements for the product may either be stated (for example in a
    contract or an agreed specification) or generally implied (for example in the
    organization’s  promotional material, or by common practice for that
    economic/industry sector).
  3. Requirements for the product may include requirements for delivery and post-
    delivery activities.

What accredited certification to ISO 27701 means

To achieve conforming system, the accredited certification process is expected to provide confidence that the organization has an information security management system that conforms to the applicable requirements of ISO 27701. In particular, it is to be expected that the organization:

  • Has established an information security management system that is suitable for the type of information that needs to be secured.
  • analyzes and understands customer needs and expectations, as well as the relevant statutory and regulatory requirements related to its information security scope
  • Identifies and analyzes the risks related to information security and applies the activities needed to reduce those risks.
  • Applies the controls required by the standard in order to protect the information
  • has ensured the availability of resources necessary to support the operation and monitoring of these processes
  • identifies and handles nonconformities and information security incidents
  • has implemented an effective internal audit and management review process

The audit is based on a sampling process of the available information and that consequently there will always be an element of uncertainty present in auditing evidence, which may be reflected in the audit findings. 

What accredited certification to ISO 27701 does not mean

  • That the information is secured in 100%
  • That any breaches or events can occur
  • That the technologies used by the organization were checked by the certification body and were found 100% effective

To fill in the application for ISO 27701 please press here